Analysis Overview
SHA256
30d4cf8bec948444a0193ba0bf50c085d4aea0b56967ed94e0baaa79e6f002a1
Threat Level: No (potentially) malicious behavior was detected
The file 8fc18eaff28ab34c3285485349d29561_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-02 23:09
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 23:09
Reported
2024-06-02 23:11
Platform
win7-20240221-en
Max time kernel
120s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c04a0afe41b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003d15afccd9b0d2469d74c864a683ff7d00000000020000000000106600000001000020000000681a2cf5568bcaa84cdfa58c0593b74eb8b4e5e2bb605b87e0266e23be11b938000000000e8000000002000020000000db872d7c821870b080e023e65b5169429cd5dc3e2f917839714176b91a888b649000000058b6352c018f628a81e273de860f8897a3d065df5ab724e6cadc0232b828ba2f5a2cee0c54bad4ecf7dc9a91d7adb116167f877e39390de6e03affd51f8d1f7b6713bf59bf121cb2da294d2a0397e125c144d944a747e424c8e5c7b00ac006b8ea6d68c0c24d5c184b1fa37610812777d6da29ca10bb03480cbe73b72ec0f1cffb4aa01252d263e66bb67d1bee50563e400000004ebbd5f05554817adb22ef44043c71b164272d48d1dc828b0980cdfe69f9c961114f4182640cfa45f6db0a00302a7ac02db3474e33093f5e7398e466314b54a5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003d15afccd9b0d2469d74c864a683ff7d00000000020000000000106600000001000020000000c9ac7f283b763a23de3b1bcffe920f2b5acc55dd7ecbfb05197d5757f00ebaf5000000000e8000000002000020000000dfeb27078430061d12757dbb30b3a50c3355cb03570402b5e7d001c11e6ec43b20000000273660b9b89d3aa10562a116e010895b32f96ad13a7a771e34a83f30e5d74d5040000000fb150f7301df09ff7627652e61c848d0da0f597745a3c4831b7a6b9b6fa71bae5f33bf27d00c404ef26103a33c66eb3b9ea0364082878be36c3ac6bfdb3cb86b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{26F79DC1-2135-11EF-B012-52ADCDCA366E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423531632" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2040 wrote to memory of 2716 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2040 wrote to memory of 2716 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2040 wrote to memory of 2716 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2040 wrote to memory of 2716 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8fc18eaff28ab34c3285485349d29561_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\6128162e0ab80b6aaefd01d25ec9fefe[1].htm
| MD5 | 4f8e702cc244ec5d4de32740c0ecbd97 |
| SHA1 | 3adb1f02d5b6054de0046e367c1d687b6cdf7aff |
| SHA256 | 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a |
| SHA512 | 21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f |
C:\Users\Admin\AppData\Local\Temp\TarDEB.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Local\Temp\CabDD8.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarED1.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d7ccf572ef7cc4263705b59e63f1ef3 |
| SHA1 | 2456e98d71983f3f9a33b080e962ba08874909a5 |
| SHA256 | 672cbc3725d59e3c184a6cd49925875df409f899b5cf0b4be9d4017eb03f504c |
| SHA512 | 7ea9649ea44d4de73e9833cc539aa80d375ca550f57d2171857f5811e9d5f9400bc00099a618f7e469cdcbdbdf6284f9df3708f425cf7c651bf0746153c854be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | beb234a6ab217e18be01a7b6f4740618 |
| SHA1 | 320e2745387976ff48ec75ae5c550275118dcf38 |
| SHA256 | a87cd9af028606e6a162805a99eff86588df4b428901882900dbd9d6e6bf36a5 |
| SHA512 | 3c488fae774ee1d3306a44731d27a94ceb3da8c4970d91b5fe07ac90a61eb159c8361a8e1fde599dd5fd18b08570a879dd3a0d3d18c3d5db644283a03377d2c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
| MD5 | a00d168f34ae3bd5097182ad600f0978 |
| SHA1 | a209035e30c03a0f1386206fbac8f7914015a813 |
| SHA256 | c93e11accd79f754c4393c2895c8bd72f20387ad161feda58215d306f527926b |
| SHA512 | bce45edeceba1832a91be72c128296529946a4ef25a3acac77bdc52b022d21e674f1fe62dfdf72acc3e29bdacec90c6d3b60d957c7c005000f7fe58743cf14c7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
| MD5 | 76d4d147245ce8da3cf3a4aff0bc5611 |
| SHA1 | edf7b96b65cbe3e3ba82799502871c790d9ebb78 |
| SHA256 | 46d3ed9486f6c000d1e52b27979054fdbd340efe906522441306ea0c189276b6 |
| SHA512 | 631a6e44a0b135335bfd4cba07fdebd7bd688379f4012b0d3219f36680d1b735572e69601c631d9a1137aa615a4afd3bb91087d04bde887bd1a1130fe46c5dd2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
| MD5 | 3c5d8d027f7a642993572cd779d6a5ee |
| SHA1 | dba305183c1a8fc3dd8ce201ed4a0aae09148807 |
| SHA256 | e7ccadc568231bf5051585334b92ecb4b8391b1a022775a2b04858c6b2741c07 |
| SHA512 | 9142c3656373e648b9d4c6033ab9f5e4c5bcd8b9c735e965b9cec08f68f075c9f58347bf04201c28473824e6427c2fb9ea9a9e6ea43ad9eb3cd0fe90c41474f5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
| MD5 | 61c060748daca8556274bfabc587f30e |
| SHA1 | 05b5c3bd691071c2071f7864a15ba98f60cfacfc |
| SHA256 | d3a4273f83db93b4afe9c06918806d71e6268a4b8b41cee65e047cfaa1af548f |
| SHA512 | 5a8566c72fa10bf6380096f57f5b3c638e347d4b40adb8706a50f84095d0047c39e72f1fe413f05c819cee4f84b6208d9702e2cbdc2f52e22321bb204edfc4ec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cfb93604332c838e7d2e50752250535a |
| SHA1 | bbbb1055643963a593e09b2fd98cedb74117f212 |
| SHA256 | 721e78ce5394b45f2713a956e4252218df0c7a153697a8871043df502c935a63 |
| SHA512 | fe46eb9ef243bfef05a18e83ab08c5b68845a762c0095eb42a951dcafb1fe5a3a42b54206030039e72168ccf951aa8bbae624f0c9e4e03752e315add8d2bd744 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a2862b9c6e09368c0fc91aabb9e94572 |
| SHA1 | 85658af63e3726e62a24ef210d02890cf8cb47a9 |
| SHA256 | 692702f62181aa4c9f3b1f7f2cf07aa2902f10a02d0a2979d59ad68610a47a85 |
| SHA512 | 279ff706051f9bdfd58f196e38c9d80555f6741e0cfacff677ed847175fad3ace42ce6c10ad00f715216ff5efdd5cf7d7c07f27a160321b68de1992543fa786f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8f4108de34799fea82a608fa4af03438 |
| SHA1 | 7731f933db56b876d6f2add442743b1f85a2899d |
| SHA256 | d7df0878cc24ab4f611be6f4e269ce2c8065d41ed15816af40726b2ec3e10ccf |
| SHA512 | 90e98d86a8430ae2bdb45991a7ce5c9e0abece91529007dac49434d547ce240091a60c98635b10c6eec5e4eeab21c16b7d6deb87b16e0f5991dde7be64d7f696 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f596f609c869f851fb156f12a2045533 |
| SHA1 | 8780dac91e4379f95694e4c087edbdddd7c010d8 |
| SHA256 | d4eb70cc31fc1ef3057c6e1a8c77df2b001561129c900bd40f909035b98e2799 |
| SHA512 | cbe2f8400a224bdc52d790f994b18099ab01bb6a63f8bac506efc2fba0763b7062a15bd9b789c74dcdaaf92480c24cd4e6c987e030cbb1233f5afaeb0e0d5345 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3a82249e50ed0d6f92214dd28fbd447f |
| SHA1 | 4be39f2aa6419ccdd0d2039afda3ab89af5da674 |
| SHA256 | 908dcbd4699191c9eff4a6ae83b1c02d04d8cef8c2bfae3b1195281e8d335263 |
| SHA512 | 8642b7229efa027ba7fd05b9f87db1f2d047aace898d5f40d8b258cf4a92f795cd4508f21204f035346c780ee7bfbc29f7f9205bf18df93a939adc90a9dcc27c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7fb96d693178843f2cf1688f128a03fe |
| SHA1 | bb7a35e443e2654a63120c1d420e0e7a80288afd |
| SHA256 | 902b96f5db06826a82665003d5d2fe2226deddf70558fa0114cdd80793921189 |
| SHA512 | 0e4dd05d7d6f0a8ac40daa18aa244d0d31c0114e900e420350c72fd0c73e83bce599c8a30afa76931f04b947d24c76f55b3edce2618cb279e45808544170249f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a9bd1a93da0d9617ca09a29c2b16c8d6 |
| SHA1 | 2696268ca5e782986b8c97aecec885fec61aa2cf |
| SHA256 | b52eadc89b2bd6a3ac2c490c3b4d2f4e1914d67b253a6b59bab0e99b603a13dc |
| SHA512 | 5ed8f69545fca74bbae27ea41e2b54422b7ea63f497c7f03934d63f529a2130911ee32b92d6cb26b53a270412dc3061d30152b5c72aef4b50c2c5530f3ab502f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b6e218b3e7a33614f64df151b5f7c5d |
| SHA1 | 7a9f4c941346e31317bd024274a5d1e41ef040b4 |
| SHA256 | ab06400b6a849b6e3b5011ac44882cebeeceb11e424bca12ddf2ab7b42dea6d7 |
| SHA512 | 69d9077a638a879a1a5691b656b8defaf6cbc2ca41788f5a0be90587dcc452021f3707bdbde34bb31f2653289bffc37e93008ffc548e4f0b8d6c692f56a519a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cf1b9886073d618565220a027d41a7e0 |
| SHA1 | 563c8d1155f44d78f0110129b743db6359cddc7b |
| SHA256 | 5c1ace12aa8a8fb85e0bc50754f4bef30d798683caad76147b369e8b44edd3e8 |
| SHA512 | d8dc73b5d48eb5c76581dfba393c3b95a1713a777586b89377b35699854207a13f19eae48832c6b5cde4d6f02e4b994798dafb935f0ed59bc91593e295bddf90 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0f09bd9f1a47f71c35cf2586726e14b1 |
| SHA1 | 0402e1801404b267af67a9339d9d1f3486f3c2ba |
| SHA256 | 994b15840d472f2bdde0254b11dc6e14211f1f9c747d70f387c54c49ecd6506e |
| SHA512 | 51aafff4ea6c0f400e309e5b2ef1a7766855555962092e6f7f06d531f60f907d9d52b4e44d7687f7026c7b99f515fd88315fafd8dfc40e2c9c9ca5c52e4a2dd2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4d1218714c6d3370ac67f9ca0c3754ad |
| SHA1 | e0a6e99a751ab7855d76e6429b1cadf23b628954 |
| SHA256 | 735b2895495670f1a5882d19cbe96bbc1485ace925ceaf88b339e9cf83bf1ae8 |
| SHA512 | 2232f60768a94a29c8a1ea45df7b6758b058b5883096f798234ed472c56762ea2f46f9df91040503a80dba8316721bc49fbbd10b8f013a71ca1305da9259ef73 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 0399c1273757d3d2ca1f6cf1f8d99295 |
| SHA1 | b5d1e29299a5334d9f05aa9ca8c7cfb0b8782e1c |
| SHA256 | 64a97a1d13ff021d37437fcf75e18c12307510330cf1db57a818678c935f9503 |
| SHA512 | c7dee245c419ba0ac0d43dd9d559d37600b01f4b7e4c43e38429d0091fe9d0420a12b35b269bcd294dbfd8657ff4e02ec291e332975458ec46c2bbc7af1e3159 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dfa1071d7d38b7a5c18b37d25c2eb098 |
| SHA1 | 5aea38b9d5f58d1897d8278571ad54548fd1ea3c |
| SHA256 | c86836fb526e8afccd58cf4380b92295061128c2073e0a92c3ecf8e654027155 |
| SHA512 | 1131d4a5a589ccb6ea5b48e27c1df2c39a7c35f7dc937cab43dd383265ce9f25ee93150697e9d0139d097d6ff77a444a42e763798b12b155e66d8f702717a95a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9421ff94335f8e24aa4f32a3c847339b |
| SHA1 | b0675db127d7c8e17eea79d132c91ecfdd7c1691 |
| SHA256 | a137fb192aae5e1b97da86b726474c5fe88f1985f166a0dca54af664124650d2 |
| SHA512 | 0d01dc7ad7b3965a0768a5e9d60cedcfcbed3e958198d496381f5cb8b574416e2393be8a6351c2bc84dabd2a3a73315fa80c0975d9e636ccd6475a0730ef7f73 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ca710dcf540260960e0777372f9ab204 |
| SHA1 | ab03135ee1ed4cd884fcf307557ff42cb3ab72f8 |
| SHA256 | 67eabaf727274157c0d5b1410372a1bc5ed098a103d9ef9ff76d63ec3a67dd23 |
| SHA512 | 6f107496d414f0c3457603fe7a3984216cd4515c846bc11c4bd5f06b3ee3794e29bfec9ad4a2de2b53556297d1886c527a822d1e5f307ea8fe995c56c58afdbe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e4d159491034c13590a19c5e2cf4b605 |
| SHA1 | 3860af1b39fa0c24a7ae81d70b730ff66f0ec0c0 |
| SHA256 | f5b66e068ce81075ce7ab10cf3ae867e86a7c891e937bfd4ca2e329b1a302548 |
| SHA512 | a959c1032920c9654226cf7c32962990602ba30c3456fa82e9405a159aafc0e7798bb743158a397059de9a92407898d8edf9c91ad411e48f0023e5c6da36a584 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 56ccf27521a9324e8dc2c1b49d4dc06a |
| SHA1 | 52b8155b6e36c8d824c72395c69f784d4e84299a |
| SHA256 | daf924b30e9181e3ad3b06a2dc1ebe038a595d41e9da6fe336fe54d434c5ba5f |
| SHA512 | ccc0cfcbf3dc36ce2cd594300a33946e18cc36acfa311c053501d2e9b2f7ba32b419e73a314c3f87fd2b445afc4d1e65fbaca941cac8b262a17358f068fd6d5f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 5db3dd9e17e6bf03a246b41d671af95e |
| SHA1 | 437e8bc510e01f56b70bd74a186110b35fabc2a0 |
| SHA256 | 1c252653a7bbb2ea5d5b212a702037ef1c602a2d24f5a3cdef27c66ff5b8c43a |
| SHA512 | 1bdc151d8fdfb6135208c0a72107f03041b497e961d34aed97cfde360bcc891721376aa7118f19094cc0b339348831612f3e69d7b41d3e6b711e11fdb6f5c229 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1e3ccb66cb5495dcfed6e5004c1d7160 |
| SHA1 | 7d49818c6da1c3bb9a7593aa3c486b99c9b79c90 |
| SHA256 | 269e1ed8986fa090b720fb590f5a8acb99ab0b5db6c8f295a75887821d62ccfa |
| SHA512 | 6f629cdc00b7ffda051f610cd43be3e795b1f4d03671fb993f734178237ccb554b782e631fc6636fe9b4106aac236aefec37d2cb9ec07970b891f17a4d0a48c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 726b75ab6e7ff40a96f680781b5f5f49 |
| SHA1 | 0c94332b51edd3294d02781abc6f189e6d99a2fd |
| SHA256 | ac605204667a90bd32551cbdc7790717dbbcf4df84886b8df95f3c4e9d7d8355 |
| SHA512 | 4ab9f77a1d9c715876d50208a95d2f2e8ed3fac48e05d78939b3e60a3a50375c6a1c9d0ae30397b9b3fc4783c5f4897a0e0825bda87277ea5d12bc899b61836a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d8db804a320dad249e42d895011efa40 |
| SHA1 | 4f123e498c14f9b66b20355e11d0e80fc82e4705 |
| SHA256 | c4cc21e3e7a901af40f48d4fdd72d583dbca39fce21cb6bfb5203f7aebb230c0 |
| SHA512 | bc886afabcaef4436ac3fb1974bc26b85130b24b0e93709b2c6ca6c7b8a145cf56c9c2cfe07248a79f33a5c4d8859c0fca7458152d5b1d7a06018f12e48e8e97 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-02 23:09
Reported
2024-06-02 23:11
Platform
win10v2004-20240426-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8fc18eaff28ab34c3285485349d29561_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee5d646f8,0x7ffee5d64708,0x7ffee5d64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7990739416771078748,16218396756296821706,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,7990739416771078748,16218396756296821706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,7990739416771078748,16218396756296821706,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7990739416771078748,16218396756296821706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7990739416771078748,16218396756296821706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,7990739416771078748,16218396756296821706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,7990739416771078748,16218396756296821706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7990739416771078748,16218396756296821706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7990739416771078748,16218396756296821706,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7990739416771078748,16218396756296821706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7990739416771078748,16218396756296821706,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7990739416771078748,16218396756296821706,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4972 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.166.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | 162.160.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 8.8.8.8:53 | 2.73.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.77.0.192.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.64.52.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4dc6fc5e708279a3310fe55d9c44743d |
| SHA1 | a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2 |
| SHA256 | a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8 |
| SHA512 | 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13 |
\??\pipe\LOCAL\crashpad_5032_NJUYFAPRRBZHEFMP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c9c4c494f8fba32d95ba2125f00586a3 |
| SHA1 | 8a600205528aef7953144f1cf6f7a5115e3611de |
| SHA256 | a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b |
| SHA512 | 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | edba826073876d41de44ce6763d6e4fb |
| SHA1 | 75af21ed229025e9d0e4e0367b1f688773720df1 |
| SHA256 | fb174ef81469d6bc0df7d090410ce85652abb41d8bf0fe7a183dda9aeb7ee1cc |
| SHA512 | 3eee4edbf7871f24e1cd0cdf46f00f0142150d16727fee8ae539bb756b6b86073c53d6cac2b7288e3c17703ed8726ec6ddca0ab863be9a3aec357db248f5dea7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 640f74620f6b2f164b088e30007fa326 |
| SHA1 | 624a8e6bb6a60d1ef64df53aa4bf68f59fff2e49 |
| SHA256 | 4532a025d65dc40e196e4597b0500087ca783bbbb45c2b7a3293480311894953 |
| SHA512 | 1d97cd9fb92503e20d791a79506f9153e75ecb9d538cbbe5f7b849c06dfb9e1f951ae1647a3cd21401cd8b7fe0c4347aa502bc186eb9d0d4ece2dc08cc18f606 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a2ac147631cf856e71b1a503e2e94c9f |
| SHA1 | b329a684b9d5dfe9abfbdad03d43905a5936f28a |
| SHA256 | 1f4c34db2b6867d79330227f33fc7482c0ef1e0f6b8384f592498d857894b136 |
| SHA512 | 456a7df36f154ce1add2755007f4aca44ab0ee4d49791f3780f715c54554b0e2f3d5435bfe2add58da0a313d57d933994088cb96c30d8d2b57f7a695ad4b4601 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 3f3ccee199fff8e18871773011e31a94 |
| SHA1 | 8ed558db799b8ea190be7da13e7011df4e935337 |
| SHA256 | 59c1f36cc6cd828b1d225903f31cd885fb495c4bd8a7893e9e9d6d60ead8de2d |
| SHA512 | 77894aa4f8ba67f875c122dfa3bb8808ed9ac7e3325a04c08e5adcd9e7038f7bbc6ce0cf5d87758b0210034380b11e44bc54f7137644c65d860844656ca375f6 |