Analysis Overview
SHA256
92f56c14e56589581a42807a5a7b90253375820510112272d86b04719334f80d
Threat Level: No (potentially) malicious behavior was detected
The file 8469f9364bd3e74ea35b9cb44974e2be_JaffaCakes118 (an .html document; the Processes sections show Internet Explorer on Windows 7 and Microsoft Edge on Windows 10 opening it from the user's Temp directory) was found to be: No (potentially) malicious behavior was detected. Every signature listed below is attributed to the browser process that rendered the page (iexplore.exe or msedge.exe), not to a separate dropped or executed binary. The Network section records DNS lookups and TCP connections to the third-party hosts the page referenced, including coinhive.com; the connection records alone do not show what was retrieved over them.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-30 14:06
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-30 14:06
Reported
2024-05-30 14:09
Platform
win7-20240221-en
Max time kernel
119s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40a119b39ab2da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000005256477d14a2e419918c00d2a8ed2ad00000000020000000000106600000001000020000000e6074c83c86db6aa29755d8bae41f93a2cc0bb0f362283dcc17caad53ea69dc7000000000e8000000002000020000000e7cc6f3a82b1a42769d8ba547b95eac22374054c0d2da2e43bd4063bcc1425ae900000009522f269517d2874eee436d8b153d84972656a8319df248128006231e86765e714c99ce0cb897537b9e319cc1575487da72fe41e6fc9baf8d1e20f5d1115552394a782b10f11f63789d88277f60ed34b8a24d6a593d78cec92966f75af5a78902acdfe03b30bc012176d6e8c935c3bd3b019f583648f5d3fb5c815dbb4d2c3496f874e68a7c4da36484db8bb03e8baf640000000ffd5000b1c66a48d1d1c8a53b6c0659c96bd1669ba2ece0eccdd860d84dcc091138983356eb5d726b957ff4ce76a4c0b938eb71af9f6b6369bea4a8261db7b4f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DD2295A1-1E8D-11EF-AFF6-E61A8C993A67} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000005256477d14a2e419918c00d2a8ed2ad0000000002000000000010660000000100002000000046253c4670454f41e0b57905a95dc7dac8b72147cdc15f208436e90b61d4a7bb000000000e8000000002000020000000ec6706d2f3acc0b566e91a093311c363a30cd18db2e91879d8a67971844605d32000000063f5ab4e09c1791eac2bdb0084e2a16b10ec62c74dad49cbb5a3df67f203838840000000cbb065f3695406f3ed8534a263800305cfe7aca5e2fa196a46ae26e4c2bfcdad4b8e3cc3b55be9a808a49e415dc03819fc65582e7aebba146574406c81d86cbc | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423239881" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2980 wrote to memory of 2136 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2980 wrote to memory of 2136 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2980 wrote to memory of 2136 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2980 wrote to memory of 2136 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8469f9364bd3e74ea35b9cb44974e2be_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2980 CREDAT:275457 /prefetch:2
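The four "PID 2980 wrote to memory of 2136" rows above are the 64-bit frame process (iexplore.exe, PID 2980) writing into the 32-bit tab process it launched; the tab's own command line names its frame process as SCODEF:2980, which is the check that turns a generic WriteProcessMemory hit into an expected parent-to-child write. The following is an added example, not part of the sandbox report: it copies the two command lines and the signature rows from this section (constructed as Python data), collapses duplicate rows, and classifies each writer/target pair from the process table alone. Any PID missing from the table is reported as unknown rather than guessed.

```python
"""Correlate a sandbox report's WriteProcessMemory rows with its process list.

Added example (not part of the sandbox report). The process table and the
signature rows below are copied from the behavioral1 section; the tab PID
(2136) comes from the signature rows, and the frame PID (2980) also appears on
the tab's own command line as SCODEF:2980, which is how an Internet Explorer
tab process names the frame process that launched it.
"""
import re

# pid -> command line, constructed from the report's Processes section.
PROCESSES = {
    2980: r'"C:\Program Files\Internet Explorer\iexplore.exe" '
          r'C:\Users\Admin\AppData\Local\Temp\8469f9364bd3e74ea35b9cb44974e2be_JaffaCakes118.html',
    2136: r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2980 CREDAT:275457 /prefetch:2',
}

# Rows from the "Suspicious use of WriteProcessMemory" table; the report lists
# four identical rows, two are enough to show the de-duplication.
SIGNATURE_ROWS = [
    "PID 2980 wrote to memory of 2136",
    "PID 2980 wrote to memory of 2136",
]

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
IE_RE = re.compile(r'\\Internet Explorer\\iexplore\.exe"', re.IGNORECASE)


def image_is_ie(cmdline: str) -> bool:
    """True if the command line launches iexplore.exe (either bitness)."""
    return IE_RE.search(cmdline) is not None


def frame_pid_of(cmdline: str):
    """PID named in an IE tab's SCODEF:<pid> argument, or None if absent."""
    m = SCODEF_RE.search(cmdline)
    return int(m.group(1)) if m else None


def classify_write(src: int, dst: int, processes: dict) -> str:
    """Explain one cross-process write using only the process table."""
    src_cmd = processes.get(src)
    dst_cmd = processes.get(dst)
    if src_cmd is None or dst_cmd is None:
        return "unknown"      # PID not present in the report's process list
    if image_is_ie(src_cmd) and image_is_ie(dst_cmd) and frame_pid_of(dst_cmd) == src:
        return "expected"     # IE frame process writing into the tab it spawned
    return "review"           # anything else deserves a closer look


def triage(rows, processes):
    """Collapse duplicate rows into {(src, dst): {"count": n, "verdict": v}}."""
    result = {}
    for row in rows:
        m = WPM_RE.search(row)
        if not m:
            raise ValueError(f"unrecognised row: {row!r}")
        key = (int(m.group(1)), int(m.group(2)))
        entry = result.setdefault(key, {"count": 0, "verdict": classify_write(*key, processes)})
        entry["count"] += 1
    return result


if __name__ == "__main__":
    for (src, dst), info in triage(SIGNATURE_ROWS, PROCESSES).items():
        print(f"{src} -> {dst}: {info['verdict']} ({info['count']} rows)")
```

The same check works for any sandbox report that lists command lines: a write from a process that is not the target's frame, or from a PID absent from the process list, is what should reach an analyst, and the frame-to-tab writes can be filtered out before that.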
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
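Read as a whole, the table above separates what the page referenced (UDP/53 lookups) from what the browser actually connected to (TCP rows with their ports): www.microsoft.com is resolved twice but never connected to, saltworld.net is reached on both 80 and 443, and coinhive.com is contacted over 443 only. The following is an added example, not part of the report: it parses a constructed subset of the rows above (copied verbatim), builds that per-domain summary, and compares it against an analyst watchlist. The watchlist and the "browser background" set are this example's own assumptions, not the sandbox's verdict; coinhive.com is on the watchlist because the Coinhive service was a browser-based Monero mining script (shut down in 2019), and a page loading it is the classic cryptojacking pattern.

```python
"""Summarise a sandbox Network table and check it against an analyst watchlist.

Added example, not part of the sandbox report. NETWORK_ROWS is a constructed
subset of the report's Network table; WATCHLIST and BROWSER_BACKGROUND are
this example's own assumptions.
"""
import re
from collections import defaultdict

NETWORK_ROWS = """
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
""".strip().splitlines()

ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[A-Z]{2})\s*\|\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s*\|"
    r"\s*(?P<domain>[^\s|]+)\s*\|\s*(?P<proto>tcp|udp)\s*\|$"
)

# Analyst-maintained; constructed for this example.
WATCHLIST = {
    # Coinhive: browser-based Monero mining service, shut down in 2019.
    "coinhive.com": "Coinhive browser-miner domain",
}
# Assumption: hosts the browser contacts on its own, independent of page content.
BROWSER_BACKGROUND = {"ieonline.microsoft.com", "www.microsoft.com"}


def parse_rows(lines):
    """Turn '| CC | ip:port | domain | proto |' lines into dicts; skip non-matching lines."""
    rows = []
    for line in lines:
        m = ROW_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["port"] = int(d["port"])
            rows.append(d)
    return rows


def summarize(rows):
    """Per domain: DNS lookups vs. actual connections, with the IPs and ports seen."""
    per = defaultdict(lambda: {"dns": 0, "connections": 0, "ips": set(), "ports": set()})
    for r in rows:
        s = per[r["domain"]]
        if r["proto"] == "udp" and r["port"] == 53:
            s["dns"] += 1
        else:
            s["connections"] += 1
            s["ips"].add(r["ip"])
            s["ports"].add(r["port"])
    return dict(per)


def flag(summary, watchlist=WATCHLIST, background=BROWSER_BACKGROUND):
    """Return [(domain, reason)] for watchlist hits and resolved-but-never-connected hosts."""
    hits = []
    for domain, s in sorted(summary.items()):
        if domain in watchlist and s["connections"]:
            hits.append((domain, f"watchlist: {watchlist[domain]} (ports {sorted(s['ports'])})"))
        elif domain in watchlist:
            hits.append((domain, "watchlist: resolved only, no connection recorded"))
        elif s["dns"] and not s["connections"] and domain not in background:
            hits.append((domain, "resolved but never connected"))
    return hits


if __name__ == "__main__":
    summary = summarize(parse_rows(NETWORK_ROWS))
    for domain, s in sorted(summary.items()):
        print(f"{domain:28} dns={s['dns']} conns={s['connections']} ports={sorted(s['ports'])}")
    for domain, reason in flag(summary):
        print("FLAG", domain, reason)
```

A watchlist hit on a sandbox report is a lead, not a verdict: the rows say a TLS connection to the domain was made, not which resource was fetched or whether a script ran, so the next step is to pull the page content from the cached .htm listed under Files and look for what references coinhive.com.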
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
| MD5 | 398722ab9c4f5041188981d7a7dcfd43 |
| SHA1 | 1098df30618ce1510d8353b487eab2ddae15553c |
| SHA256 | 0dfccfbdf27015d2a8a160ebf9745e6bc0be41410553d09a340e1cfbc276dded |
| SHA512 | dd9a9e8691fee59c36e4b1e7fc69d963acf284685d95fcb0f2812c832944a23e8625991cd60e3280dcdfe216e45ee451cc5303116755c0190b6ad646974bf711 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
| MD5 | 54cc2340c4d3a2a82fc81b6e7f62b3bc |
| SHA1 | ac22b79abf0645878c53ed37e46b0831a1e6ba66 |
| SHA256 | e76b5eec0fb8dfac6e294a280c70a0d4600d82953b28238dc117edef32be2ee2 |
| SHA512 | fe1a141bc2abb59b26994a5284b3401c7fede6873a8adaa04c97a6021935e2687ab73cfdac1fc604e7dbbbe5663c49155767a420a3b4a210dd0ea82d23c6e798 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
| MD5 | c90575e0768c19282e379d5fbe679381 |
| SHA1 | dfc182128cfaf78e56dddf9c671e0d37a2165f7c |
| SHA256 | 42b7e7d1856d7fe90c927d82950da17f1414e7b9f1f5896ba29edd192642c744 |
| SHA512 | 6e453dfff0079c69b5eee59b14456654de10f8846da40fdbb72b4a6e657682aaf993b8b3abb41a67f3eab7113fa4a0f3aeafda39c29282018fb97819527214ff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 80739b601ed14e16fd0290ddbc35bfd6 |
| SHA1 | 82bba095ebbd9cfc6e95fe73c2a0949f75eefc27 |
| SHA256 | 54dba3474141c89e66ee14e87528a064546ee0065bdac63df088eceda5bc99b9 |
| SHA512 | c13146e96265e4abaf34358c23d3c553ab15c80d95fa970a6334ebbba030548b8153e0b039ff28e93fdefec603f07e98bb394bd8f1d798a8a0d5e78283be3bff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| MD5 | d57841459b0ba25bd84f278683e3c881 |
| SHA1 | 2594c11ca191df822468d1e023c40cd7a299ff48 |
| SHA256 | a6879046b613bbef6acb77a953bc4cf5e4a1d7a40ea7a29c3af8bda1eb1e7d66 |
| SHA512 | a314f5cd2d096fe7b2b9f8cb91b3dd9ef37d6b52d11b5daa218af7d3bea352162cd9c1e23285ad29760b762051f8913d2c031356c421ffad6b6685e61040c967 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| MD5 | 8202a1cd02e7d69597995cabbe881a12 |
| SHA1 | 8858d9d934b7aa9330ee73de6c476acf19929ff6 |
| SHA256 | 58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5 |
| SHA512 | 97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a55c27c673778fade2a38047e407ff63 |
| SHA1 | 04d04246c60a3bcafd1fa119af8c2920663515ef |
| SHA256 | 05746d275651c1c6bc847fbe620779fa55caf0d40a269e1933f2b7a790d2bd47 |
| SHA512 | 3417efca59a402942479ee2e96aa2f3ce99d9c700ae1c1a945a49998ee111479c8ecf4227976bd46856ddbc4b58d7461dfcdba33c6986e29b255b4c0263caa96 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 755599f5b808d8c743aee8c4ab4a5bf4 |
| SHA1 | 0e2895e895c7ace4ddec0f147c4989bf5b46b152 |
| SHA256 | c0cbf0b5d51f216ad2b3fe6093fdbcf1903389423c729887407070f738deddd6 |
| SHA512 | 938dcbf42326c5e10789f01e5225a9a0ff62d31ef3034b494186930b371b624407f1dfba6417d2664dee1fc7b5fdb646ecaa68fbffbc20eca15931259dfcf979 |
C:\Users\Admin\AppData\Local\Temp\Tar85F1.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 66d1f71702c1ef556dedf6366558c482 |
| SHA1 | 1351a8d97e101fd17381d7d0dc232af4b08b86c0 |
| SHA256 | f001a03aa71c553fe7bb4e9fe8e42d495ae726c657d8542ff8f1a6041c1be8f4 |
| SHA512 | ba6909f4997d6ad9211a5d660c2c4ef2a0cf5560f49f0b21c353ee4e400ec06f625640a46ac1300944d53dd2c025f9c10467013a15857d9f7946c5206b7cc672 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 37db6c6557a347d4917f15f0ed042bff |
| SHA1 | c445acca050fb315943ad0eb8935b0e1f6094a7f |
| SHA256 | b20d866e54c362e87883ac3118963f5a713c4886ea859ab7b39d334cc266bd46 |
| SHA512 | 1af5f29f5a25cd9f2924fd773a5009675c446f21dea3b7e11df8c5c066acf44acc71aa82eb1a9599ba08e045b8ebad058bbd6d97674510ccd2fa12692b5f7af7 |
C:\Users\Admin\AppData\Local\Temp\Tar84AB.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Local\Temp\Cab84AC.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\cafd83e895d821e4ada3e3e38f93582d[1].htm
| MD5 | 4f8e702cc244ec5d4de32740c0ecbd97 |
| SHA1 | 3adb1f02d5b6054de0046e367c1d687b6cdf7aff |
| SHA256 | 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a |
| SHA512 | 21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3568a8288b1efb80d9e0e8b5b0f2cd34 |
| SHA1 | d34af496fc372e9fad8e2d8641bcf57ad1598186 |
| SHA256 | c2bdb513459e3780ba0412319b8ba8fac73e7758af2c0dc4f8bcb149706e6466 |
| SHA512 | 097462f938ac45beddb9c83deba17bbcef76aa952cff6112951becba10f55fc535021964f338588a9919adadfdf9f97c9ce209d61f0576847224bc39878a1b08 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bf6fe082cf528412119c2e190de47784 |
| SHA1 | a360dd993bc6a0c5e8ff21623cd47db2e11a80c1 |
| SHA256 | 61ee2a6af65bb78ac8bb1a4897dd66a8f55c130d8e1e367a64c1d4e5b59fe679 |
| SHA512 | 19a4dac71f702f907a57a5f60c177f43dbe3dc98e40238b502ba1d77e45ecaa6103327f1e4a9c47fd8a29755c082d0c7b8f919b5cf200811236b552ddc916a36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 70636148265b93038ade1694e44cc482 |
| SHA1 | cbb3ddf38f16e8368cd604ce01b55580b28e12c6 |
| SHA256 | d5a567b7bc0d572081d6d7a0eaf3bab1a72d713f01935a439045c815304a2c8a |
| SHA512 | 218746cd9d49ef45f744eea034bdf62ea9739c26fc46655abba64248c62be0da3e41db28fff106f835b7b3e385086bf226b33b559d43a05b59486a315d1de4f9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 635725c6f3313b8b73e5ee8e04c1c06f |
| SHA1 | 7fbd85cd71575b6829228a3acac3af87c64ce993 |
| SHA256 | 70da98cbfb79a2a106669cb684aad97c27f1cb360dad3e3af3a34e7a7941ce76 |
| SHA512 | e0be4f662e6b9c85dad4355476803589e35cb3a1e36b052f0048bb024292e2b191b227ed4960b73ba9576f85efa53176de252e8d95a39afece27069e004a4532 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9508e14d2df34382a2fbf310aa4f30dd |
| SHA1 | 6229c760086bc25c7f0e76321162e34ec97490cc |
| SHA256 | ca1b08228722a0f2e0fab7c82cc0d8dd153dd19b238fa53a6c3305d9cc680ca4 |
| SHA512 | 4560ef1843eff9df9f419ac6aee6332b9053b6fde504e1ca5bec2c2d2c794da96b131014fa2959745e282296913633108a6e19f7338ebbd00ca4e8639536bdf6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0a5b40951367e091988d761fbd3091d2 |
| SHA1 | 0e221bbd11e3c6f660b7b3aa4cbf237d84ff16a5 |
| SHA256 | d481e3cefdcc93531fdc739516b92473ebed64deb97328880d5348e138f4717e |
| SHA512 | 91ea084f31651236b2db3a990e25028eb86ad35cf65b874a67994ed6f4625512db366803ed0d74505d661e34c37e90530407ee114fe12b630b79a8fa46c0c4a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 83dad019f2f0fbf3ce073493c1178e47 |
| SHA1 | 4d065cdcee061dfa6e3d8b5d25e910d8a9ddeeb6 |
| SHA256 | a2fa6b17b6e86db7c8715d0df54e0393d75ce6976be5a6debbc9fcf050c57ceb |
| SHA512 | 79d487ec0e9d090c21a6adc1563cdaf6a4e101b71e4000932aaac4c2d3998895bcc2209d1f569e7e5533094df3771dc8c999d8dc2591662b6de448eb609be49d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 235dd5c6f59f2895944a412b0d7c25f5 |
| SHA1 | fdd1830fb6991115661262efe1a9876ba399cf8e |
| SHA256 | d3ee97d57abeae04405d144b66ca257efe3a2b163811bc6254f352f7872f5715 |
| SHA512 | fa7f3b836c588dec9e428acdd704ba9d51b7f5113e448debf8bb81ef36804b2cb67dfec1183a6581402463c6bdaedfaf71023e7faf2c4c5f7c5c2e868346f496 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 01df4a5660107700a8d75ea43a425267 |
| SHA1 | 52fdd5f493d986b2428412950bc8ca235b58ab83 |
| SHA256 | 6e5ff0e1debffce8b3aa43aae9fa5f39e7c31efbbe6216bb2fb9241258066c8e |
| SHA512 | 0e3e7c293424bb96d669c42aa7efa4e97d2b511c6ec6c29c7c51bed0ad17b37d76bc117ca53dcdf31457d1abbc0c000161bfd892a407e2ae8c94b5ed462b8c2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d5d27376d2507724fb3a33eab04ef253 |
| SHA1 | 019a66471b7f10b8f1e4902b55ad1185af2b8eff |
| SHA256 | c8d68be166367e0195916ebb2b389e678e07f8b6b5a9061ade34a5e74d434519 |
| SHA512 | fbdd0371456e392ce4e7ff3e0c7e80427f98b4a46f8a05c971e34c78046bf2a9d3282077afbc6f54b4a5b570a03a297d58841ea224c2e7b11a66a40250f16f9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | d01814dee1d695d72e8242d582216d28 |
| SHA1 | 9c667cb4f728e1d1823b3a11b4f3b687f5581647 |
| SHA256 | e00f71b51ae8cdc9c7427f3cf345f456fd59d91957606f92b437e71e00838e02 |
| SHA512 | c5aa95fc7952655fc2ffd0ad8773c216ff7ce33b9df68e107f7d5f19842dcca6e459a66e5e8260543d8406af9faaf45d8c7415a7c6ed308b5a25e37d49b6e3d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9fef2f3b79ec122884476989d1ef6bda |
| SHA1 | 84a024f370c74a0326a01d41d2ed9225fef58fb7 |
| SHA256 | a6c8e4b0a64281a26d343e5ea8652c097d0f526847806427d1ff3f917b48ade1 |
| SHA512 | 25c95a5e559b4651680f786d6919230a1efe80087745d214a89c21c42a9d1848cc3418d65a0f75c04052ee97500df9265a78726b32861bbe9eb4323209317769 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 54688e0524c2aeeff06b9794d73bb48a |
| SHA1 | 8187f966b2b89e8349bec4fede856beab7746a23 |
| SHA256 | 80c77ab6ae182504bd57fc4b927c1dd209e1deb09fe53fdfc0fe521c7ae4ad4b |
| SHA512 | 7eddd76243bfe2a4e19ac7cf5b714ca57fd22901210bbd23de7645673e42e12264c2cb60d5a2648081990c49137eb8f080b6821910be0429fb81cf4473ae067b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ceab4561d611935e7b7f379dbebdf87 |
| SHA1 | 6fa221d3f5fbabd37d76885650a057476de91019 |
| SHA256 | 6c39875676eda0df45fba19921f9fac9cd5f2ea065f1dedaae4276859f1a695d |
| SHA512 | 2e88e710a92b3ed4528750627d9dd913b403c400d2c595798a51020d6014b8f1221ce82dcd5af7f6dbf26d244ffcdd385abcc68197b6c1dd4347d1012fe74dd9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8a6a7b1e022a357e459797f89b57f787 |
| SHA1 | f217623b2d80aecb1e1a1e48df39de186ff8dc7a |
| SHA256 | 1e5aec8ff6463197b8a6aeb3c35208d063589be3b0871718f8576e7d1fcbb885 |
| SHA512 | 3957f48c21a92311f009f56cd491f8d43b1f66b0dc785e600b374a4cae6f29f81b823364882f7e395e47d7431e921f6da5f35ff02f62890951496b15f51433a3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e650c0e426f980ee31c97c626f24035 |
| SHA1 | 8347e30d323f4e28095f04443ed7597304f1efd0 |
| SHA256 | 89c2659516fd77cbb814b6033a06e529e7e681a59461ca40fb48b602e2578ea7 |
| SHA512 | 0381f9018998b170acb753719662d5f1e3dac0c34329e3b881dc204d5bac752d52e0ba2d2189530b1dbe533f940d1e06167dcd56d54be9946ff1ca618b01b8e5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 71042511c0dc4b0178e7e8602cf9a6ab |
| SHA1 | 6b8a98737b148cffdfed0d3b24cc47a527a978a1 |
| SHA256 | 3b196e1b763743cfd5344bfd4fffcf999d0119fea64fa56ff8ccef300e5f6a3e |
| SHA512 | dc6eb278835bdbe14e07d521ce653ed6a97327341e36f4c476aebce080b9d51c4d7231060ab360b601f43e9b9b0612b852a6cb6bb912c8e34800b2b078d33de8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2672c20068e664ada70de60e03a56b97 |
| SHA1 | 09f5150816f0a85e260924b48de2c74fa0d1511c |
| SHA256 | e8586e173ec049415f0425eb38a4c2a9201d91a1a6b84dedfdb69b612dac91fa |
| SHA512 | 76ba133399df78f45f441ee04ca4e2504054daa2157e4b8431e41eee4571a483b8bd30e519939e104449d418dfe71ce9963847e48bf018ee9bfbb88ac13a9b07 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5e58a8762a6c44adb69913c968111cc8 |
| SHA1 | 388efcc70188a632193d8cd89322e78053df8217 |
| SHA256 | dea160843986dfb32bb6f999263f6057f7a6a7014b347251728383bf47faa447 |
| SHA512 | e9945dd776963dc438c0fb08ce649fc542a0c88bfadf2c50fd41bacb8c988e67b2df9aee61e5556bad93ecd3bc366cbc5c4691ea9b74518f0f7bf19e8032026f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3f6db992042fbc14d224ac62977a58a7 |
| SHA1 | acd5214bb662a5758ddc3116fb83b7600d7d6293 |
| SHA256 | 3eb5707fa614b4190a25bc0df39672655caf7d52299acd1282307c14d07b28f5 |
| SHA512 | 3ebc3c25a256045cd00f1769e467fe1d408b1f1b20ace19163f2a1e5c8aa3040d34cc19d8d4c3f77f4a7b32407fb1b5821af600d8569dc7629f1cf1bd0e1e56b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a9f02f6558b64da3e776d7dc56c1f96 |
| SHA1 | 61792560f15ac90ce600ec1904d6f8bebe4d346a |
| SHA256 | 914e609e9c200bf556c788111b8e3d8610a46d68f10f94d0f7463d4b2f043f72 |
| SHA512 | 7f66a0bfabd0eff87a85604177b6ea118fcd8698a73a59955abd0c8e755f12e19b9482799aa54bc8fa18a5b2234682a3b0454761d4612e883f89c1ae763a3614 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | af7c2db1ac6db8d87b9a72d73e78c058 |
| SHA1 | 4149c7e71ccaac3a7e8700a0ca5c7c9007d96eac |
| SHA256 | cc749540bf298ace2d6d99578d8313608563234d32ec27295a423fb41aea15ec |
| SHA512 | f2a8ea478e298f59a7a9356152242298eab7a5c9da3666a0be58e91334c8dea522422775208e92a1c73db666be31c26be8bd2e4af565444ad1bf59bb631a923e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 534fe2e3e29acb7409c5f3e60e60d932 |
| SHA1 | 1e844ea86963b868b6f22fe2a74785134194d10e |
| SHA256 | 9c596cb9ee0db230dbe3c1374a7924c818fc728e1ca59798dbbbd24bf24cfe1e |
| SHA512 | d39ed341aee513ff95db8d1e74d0444e06da704475492e09823ca69bf3f2fc3b0aa9b42bab5bada62091e6df57741ee6bc971e821d69315b786298c13b812c24 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-30 14:06
Reported
2024-05-30 14:09
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
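This signature fires because SystemManufacturer and SystemProductName under HKLM\HARDWARE\DESCRIPTION\System\BIOS are the two strings a VM-aware sample reads to decide whether it is running inside a sandbox; here the process doing the reading is msedge.exe, the browser launched to render the sample, so the rows reflect the browser's own startup rather than anything in the document. The following is an added example, not part of the report, showing what such a check looks like: a classifier over those two values with a marker table of common hypervisor strings (the table and the sample values are this example's own), plus a reader for the live registry on a Windows host.

```python
r"""Why a sandbox flags reads of HKLM\HARDWARE\DESCRIPTION\System\BIOS.

Added example, not part of the sandbox report. SystemManufacturer and
SystemProductName are the two values the report shows msedge.exe querying;
they are also what VM-detection code compares against hypervisor vendor
strings. The marker tables below are this example's own, and SAMPLES are
constructed values.
"""
import sys

# Case-insensitive substring -> hypervisor. Product-name markers are kept apart
# from manufacturer markers because "Microsoft Corporation" is also what
# physical Surface hardware reports; only the product name "Virtual Machine"
# identifies Hyper-V.
MANUFACTURER_MARKERS = {
    "vmware": "VMware",
    "innotek": "VirtualBox",
    "qemu": "QEMU",
    "xen": "Xen",
    "parallels": "Parallels",
}
PRODUCT_MARKERS = {
    "virtualbox": "VirtualBox",
    "vmware": "VMware",
    "virtual machine": "Hyper-V",
    "kvm": "KVM",
    "hvm domu": "Xen",
    "standard pc (i440fx": "QEMU",
    "standard pc (q35": "QEMU",
}


def classify_bios(manufacturer, product):
    """Return the hypervisor these BIOS strings point to, or None for bare metal."""
    m = (manufacturer or "").lower()
    p = (product or "").lower()
    for marker, name in PRODUCT_MARKERS.items():
        if marker in p:
            return name
    for marker, name in MANUFACTURER_MARKERS.items():
        if marker in m:
            return name
    return None


def read_bios_values():
    """Read the two values from the live registry; None on non-Windows hosts."""
    if not sys.platform.startswith("win"):
        return None
    import winreg  # standard library on Windows
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r"HARDWARE\DESCRIPTION\System\BIOS") as key:
        manufacturer, _ = winreg.QueryValueEx(key, "SystemManufacturer")
        product, _ = winreg.QueryValueEx(key, "SystemProductName")
    return manufacturer, product


# Constructed sample values, not taken from the report.
SAMPLES = [
    ("innotek GmbH", "VirtualBox"),
    ("VMware, Inc.", "VMware Virtual Platform"),
    ("Microsoft Corporation", "Virtual Machine"),
    ("Microsoft Corporation", "Surface Pro 7"),
    ("Dell Inc.", "OptiPlex 7010"),
]

if __name__ == "__main__":
    live = read_bios_values()
    for manufacturer, product in SAMPLES + ([live] if live else []):
        print(f"{manufacturer!r:28} {product!r:36} -> {classify_bios(manufacturer, product)}")
```

When the same two registry values are read by the sample itself (or by a process it spawned) rather than by the browser, this signature is worth weighting much higher, and a sandbox that wants to survive such checks has to patch or virtualise these strings rather than rely on the guest tools being absent.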
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8469f9364bd3e74ea35b9cb44974e2be_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8107b46f8,0x7ff8107b4708,0x7ff8107b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,17531068686600350272,5467716883900823431,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,17531068686600350272,5467716883900823431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2548 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,17531068686600350272,5467716883900823431,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17531068686600350272,5467716883900823431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17531068686600350272,5467716883900823431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,17531068686600350272,5467716883900823431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,17531068686600350272,5467716883900823431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17531068686600350272,5467716883900823431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17531068686600350272,5467716883900823431,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17531068686600350272,5467716883900823431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17531068686600350272,5467716883900823431,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,17531068686600350272,5467716883900823431,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4860 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.11.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.160.67.172.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.73.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.77.0.192.in-addr.arpa | udp |
| NL | 23.62.61.56:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 56.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.17.178.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
\??\pipe\LOCAL\crashpad_3964_XJIAKNRSORHKODKC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 25caed757790df6d0b1a1b49883e9c04 |
| SHA1 | 253cd1ee07d1d436fe39408fddd08b0e10586dac |
| SHA256 | 9498c6c8ea4bc32874142f6e3e93fa0cd3bb37288cd9e9acffb8ef691f80adfc |
| SHA512 | 3259e9f464da08b92fef8f48ea0bb293f5789c0f65306cfff2cc4c3da3cc4f5594bc42ae6987cb18897745cfcf23dae96cc18a3bb1bf2c969dd23771885989d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e0882d6bdcc8b5e50a6d7a9a7b8ee98f |
| SHA1 | d5bae38757273ccaf4fe6b7aa6709520a1abfc69 |
| SHA256 | fe8b482fc7da72a04bd09cccf67eddd781a0f6d03c307552a55cf61d326d726f |
| SHA512 | 8164257fbbd81d15ffe9c87e5d3835ceb811d6c7ebf4f0bd49ec92c286bb8e367338f204e4f518179bb1a66c9778678a5f1dbdd8a42f37a00853673c6b628e3c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4a3390216265e39afb46418c04835e09 |
| SHA1 | 94f1ab7f54971c81f4901d294d05c7770a335bd4 |
| SHA256 | 62919c389ded58c69de4254868abea9ab096c1c24760ef19d58946cc48c34366 |
| SHA512 | 5fbaf4f5bf24f81f895468bca7fb50591dfe3e15e256a4329d2836a72350cff098952065e6666f5703ab0bf259bc8ffb26a368576a7059efe4c3372a44fa25b5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1156ae1d55d964e56c7f763d824fb02b |
| SHA1 | 35ef4de8a757530951666008448fb97a3389f5bd |
| SHA256 | 9a11a1a83cb63d60ad19b86ae1fe852c3ed5184cc780327bad7759e3aa415540 |
| SHA512 | 08211567248f161bee676eae6a25f8d05ec7d6b370aac0d5a4b6f0e1711bdb878a11735ab80ac1d02eea53a48334644edcd2fa0e2f21bb3c3d89d93dfc718a3d |