Analysis Overview
SHA256
c218de87d2bba28e69ade4f5b8b8f27db35ff891a10b0cb795f66c2420f86b0c
Threat Level: No (potentially) malicious behavior was detected
The file 8d3370e033ab802c0037efc718cdd70a_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-02 06:45
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 06:45
Reported
2024-06-02 06:48
Platform
win7-20240419-en
Max time kernel
133s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0245292b8b4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423472610" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BBC1E671-20AB-11EF-B781-461900256DFE} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000000d4b092263f465ae524146238adb9347677a24fd82ae1c16c2034918ab9c5ac1000000000e8000000002000020000000cc6c8327da09a09fd33324f0efbb7ddff56a36ece7059a1aafb8b57b4c097e5b200000008594a01fad31b933dadd6d76957616ed0855178fd53820b64697c7be6a2d49f04000000035e0d2eb361055b4b86efbfd4f9a422716748be1d88bb61231f4113cd37c72ad8d200bffba5c3b9c6a1225cc4db55952973d23d9c119b0af2db25673ba8a3e34 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 3020 wrote to memory of 2080 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3020 wrote to memory of 2080 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3020 wrote to memory of 2080 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3020 wrote to memory of 2080 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8d3370e033ab802c0037efc718cdd70a_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3020 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\528EVS6A\59df318a5dd5b358077fb9a7e56e80a2[1].htm
| MD5 | 4f8e702cc244ec5d4de32740c0ecbd97 |
| SHA1 | 3adb1f02d5b6054de0046e367c1d687b6cdf7aff |
| SHA256 | 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a |
| SHA512 | 21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f |
C:\Users\Admin\AppData\Local\Temp\Cab151C.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar151E.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 692279c5553e7a91afc1ca91c069ab0b |
| SHA1 | fc846f60a38c827cf36a93199aae2b31461062fb |
| SHA256 | 614599256797fc9aa08f02604b0e0c30bc7d9ba63d9a46142c66a3f3f1f05b8e |
| SHA512 | a91058ac441204387a78e3249a69574a18dab38f81f3c9fa632607be5379f950ff1fdf9fb7c7a1ac4f4bcd296d5af67cd8f968b40349bdb401191c0a225a8502 |
C:\Users\Admin\AppData\Local\Temp\Cab15AD.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar15C1.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a51b0b9cc590968657033521d9bc9f18 |
| SHA1 | 42053323eed215b51a05fc698db18267340fc9b4 |
| SHA256 | 87d02a75a4e418f399ef0d7a2b32699f3729e25fc4c5d5a9765fb95e1f13f34c |
| SHA512 | d70cf2c45020f840c3f71941c0a5b395851bbe13e553b5ba58003a81c48a363c3c75669f394357c54250a66b9a8d35d4dedc773a4f05b17d49df4b5c8653906f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d2b4ab0e553e5b9a2459c2e0d15dd05 |
| SHA1 | 9f17337bffd78809a1a38b71a64274347f1d023a |
| SHA256 | af92b99b423fc4dd153601282d50ed775525155bab657d800739a99d1b5f6134 |
| SHA512 | d88040449976716cc35dd45c20d8dcd444927a6a76d8e69c8428e794b54c2d65fe6a894632434dd96b487a3a7c375ce196ca653bb5c12e23eabb2926daab91da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| MD5 | c80341d9372d26db7d2974a90a75b9b3 |
| SHA1 | 5dda8a15ee0f05ab51732fae4d65a754398401bc |
| SHA256 | e14bf0eb785962ecaded432972d58eb7d2c7be71d0aa8e54f3f3664a1c8fdbdf |
| SHA512 | a0d9cdf198dacec70bd074be79b8664b7203f21a4ca415c837445c8444f2ac846fc502e3864cb2ea21c058ad516e110d700f31acdd46348794888f1a3cdddb6a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| MD5 | 8202a1cd02e7d69597995cabbe881a12 |
| SHA1 | 8858d9d934b7aa9330ee73de6c476acf19929ff6 |
| SHA256 | 58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5 |
| SHA512 | 97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b543a89f690830229e1aab1c015594ba |
| SHA1 | 20747e887a6f61aabd15d22ea2cab1ae65777ef1 |
| SHA256 | 52b05c069aa2062055cb81cd8a623e575bdcc2ec303e864a997b50352b502ae3 |
| SHA512 | 1786e71a46286de1c41e06b80ce1c470f0cf8b71ee7b178acef8cd811ecbb9462ca65fce8be4478482b6163c3bfb11bba6b69c077c19249d6800a479b4daeb20 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ea46ace136f31b91ae4d8fee36821d6 |
| SHA1 | 18b5a0ff849cfbaf6d460ddb8da4e71491284055 |
| SHA256 | 748092f2d4bf2c8ef47c85d134a00957d08e5f722e6ad90becb8b4b2db55e8a0 |
| SHA512 | 785537d0552288eb6f490e121f25fd5903ab8ca9b901a326228d91a1d7e16bbf9a8cb1c7b0bd471b13c6e64037d02f5e70179455b252394c20322ff4600901bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
| MD5 | bac2038d666eb2fd7f5e2ecac9e7b0b2 |
| SHA1 | 3389fc60487368fef34f6fa9456bef238f7c01a9 |
| SHA256 | 41b12c423adca3c8a91b4d1fbbb71aba8a77986acfdce2a4802bb4f09ea2db2d |
| SHA512 | 674dc371bbde34067ee3dc0c52985b80c0c9a0c753b2e6fc8f8e4a452b487260545ed38bf954f24846b9b318da8de8d6af01b83a51661cd04e77581d10ab819d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
| MD5 | 76d4d147245ce8da3cf3a4aff0bc5611 |
| SHA1 | edf7b96b65cbe3e3ba82799502871c790d9ebb78 |
| SHA256 | 46d3ed9486f6c000d1e52b27979054fdbd340efe906522441306ea0c189276b6 |
| SHA512 | 631a6e44a0b135335bfd4cba07fdebd7bd688379f4012b0d3219f36680d1b735572e69601c631d9a1137aa615a4afd3bb91087d04bde887bd1a1130fe46c5dd2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
| MD5 | 61c060748daca8556274bfabc587f30e |
| SHA1 | 05b5c3bd691071c2071f7864a15ba98f60cfacfc |
| SHA256 | d3a4273f83db93b4afe9c06918806d71e6268a4b8b41cee65e047cfaa1af548f |
| SHA512 | 5a8566c72fa10bf6380096f57f5b3c638e347d4b40adb8706a50f84095d0047c39e72f1fe413f05c819cee4f84b6208d9702e2cbdc2f52e22321bb204edfc4ec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
| MD5 | e950f85cb6d77a652aeb7e3688b72ed8 |
| SHA1 | e618fa6539ca2644c79254598fc273cfbbf61620 |
| SHA256 | f880458fb529802e5a65da6f3c29094c1c585e7a0f6b19df6c0279dcad7409d1 |
| SHA512 | 122ff4f3cc4e565d4bd18087948142fe398701d1c7aa792e02036ccb336d97752a6f57d6a4aadaba0b363673951fe6eb4547e4539e54423f418060ed4af7c958 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dc9b3464f75876a08f046876ade4ca34 |
| SHA1 | 0f3f7b663c5f94374ff30b717f0c947edf860eb5 |
| SHA256 | 2d8e29c2d9a90d6c0601886aab1cb23687690503937c65af4d85a39fa7b4e916 |
| SHA512 | 37f43341e65eef414f6b1f8d21bb375a48a01ecc630babd95e987cce07092b0414bee1f562f99e655ccc99ef3708fa575b9579a25011e40ff7f93523e39418b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0b32a6c5097591f2ed39bccf866f497a |
| SHA1 | 2304338bb3da9bad4a93e2c4bf0f8851f6872c86 |
| SHA256 | 387a73e1890d6c1df5648fbe2da32b8fb94eb36767329b57afd5f6705036cbc7 |
| SHA512 | 02c121d7d675ad32b0b0070d4f59615f93e6c0974029db24e563fe1d17f8e55af6397e2a9d5e093bc4126a359beb6ef80a36f056231dfd80e3b3604696b9d7da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c5a2d30aca45b8ee7b1f040e4a72db3 |
| SHA1 | 880e28774781f6d504ce5de700bbb9094ae710b9 |
| SHA256 | db4fd159b4f6ce57977c1d1eca25c78d86fbcf51b375bd5a5e1fc29cc304e626 |
| SHA512 | 3e95885fdcd5c0f7826da478748484957bba6cfe69c580314e09841bb8c8771d6e89bdeac84ba0279750eff280790cbf4b4c2efdb6b44439656e1f182d743338 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 626ea16100f6ce4f01719e327ada1634 |
| SHA1 | b091c2a0920b05235c45d6cdda072cf86a465945 |
| SHA256 | 42a51d682b3cdd29688e7b7a1e6d6a9ed4d8f92ede42face468132fc57c481b0 |
| SHA512 | 8a28a929e6502e405bea2c7aab6c809024e9b49f218fc9569ff898cabc586fcb51199b70c2dee3d2d548e48c5348bc92c206513f035973f873a5eb76d75294d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e87c9c0615469794af7c32d8d58030f |
| SHA1 | ff6f9cb4a53ba6a711f0620fe46aadbd83cfd66a |
| SHA256 | 0a357038ae1fb53b5628c5a7cd486512917fcb80189b766f0c34e989c90b9a8c |
| SHA512 | 9788e6c6fd91e96c6f4081332cfcfa0e6972790c1b291c13b24f49e335956829a5a66cad5db72ff065bf79c4268ae11fa162f3df5addb3042d47f81e3732a179 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e043442fd81c7cbd661eba27e8a8a8d0 |
| SHA1 | ee3a4c12549e6ec8ef6ea781192c173050deedb6 |
| SHA256 | b32e8a7eea6653e8c7368787d53bdca63bd3ed5a77f3ffab79142c475ba15b75 |
| SHA512 | 3529213430b46e5b191a515c1de70f1f8eadd6b59e9acbe8660c96d8d922abb1fbcff559db31e457cf626b37c306d6f349e39084b1925e349d34694df3a539fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d02f6640d4548f79adc4bb922959ba26 |
| SHA1 | dc41fe99bf0ab735e40e9767b0881f28e594dfb8 |
| SHA256 | 392fa1d608b66da1a0b4c651cae0143c69d234e441bdc4e2cd6a5200b06ea72c |
| SHA512 | cb0b048215165bcfab0eae87bc9207402df9eb2f1e552bbfe51951cc2df32b914a5ad6a8dd939bd43742371ecb75babccdaf6b8970f65a7d5d43df7ba9221435 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c7e0c869d94d0c027c386e5d02c76345 |
| SHA1 | 39b953a2afe397eb2f4d9fc89330bf1bbbbdd38a |
| SHA256 | 9ec5be3e5c0e5ceed5eb2ca0e7e7192fe9ba918d4da46aa80a6f7430df72fa26 |
| SHA512 | 5b1c0b7cfc451638c9849bd0fce1bc70dce7c34cc32faa265fb061b18b13256285e33e54b599fd35dcef1a6e71c45fb78eef04deb0292161b433fb58b0c514c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 72046ed92db449b5eff76cf2086af6d2 |
| SHA1 | bc94c2f8a2ba5d24ea7f0fe8fe417eb8d24e23d3 |
| SHA256 | 81ab2c5e34174edfa9da8d4f1351aa1994de68a4ac76c29985a9b6c20851ce0b |
| SHA512 | 8c3fe58f05d7b520ddba48c7943374ecefaf01c9e639043c334fbf3a598c0e6de9c9cd29a4ac7160769a2858b36327a5c2dc29e34e0307f4470b81508cf84005 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 04819db203ab4f5ff6fe8a6807e6db41 |
| SHA1 | f9e8459966afdf9ddad0e83cdb2256cdd7ccc8df |
| SHA256 | f57d181e48a37ba6df5aa46f2e4ba6a00c6e98ccbd9a3b474a42a985147b2360 |
| SHA512 | 9560e2c422d8f57e80d45a0572ce295204aefec0908b17c25fdfa88ac8cff9c7a96221f7d15a8a041ad21db366064556b2cdeb526c9c72a482285903a5423f0d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8ecb96a23bab9c3a1267210b924817dd |
| SHA1 | 0c7e29ac29de88291c89a944646ee1343bf6cf0f |
| SHA256 | 1f40659bbb88484d9883521b6ae297f49369c9131b37dce9a863d89820862dd9 |
| SHA512 | f3213663440f915de617081be3d4363e1ccf29a6662910212b854d6a53417e04ba5561d83e1d0733383e8c4e2db4417e01b82e063325a471a7368777ec13650c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 6e7dc1ec696bc1e60d4b13049ceade0c |
| SHA1 | cca0327d88db51182f12f6c455edb8afd735edf4 |
| SHA256 | 38a4da689c9003d066dffe7d67c1f16722006bc874e498cbae4bfdcb950d256f |
| SHA512 | 73e40ea970d5c4e18a6fc3e54108babdd300433c43a35fb3421ef824f5d7e8c9d929eb4b1018ccf1592f2cfae116679f8f7dcbcb8dc692b9a163b4b4981ed8ee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c6937ee70ebfb69da5df3ac603c4f454 |
| SHA1 | 0ce9988d2ab8e55b527e7e3302b70e71d86fa640 |
| SHA256 | 74e1c0cb8220f91bf44e6d797804515719a84e25263c026f402b33836bd9f5db |
| SHA512 | 66f185b1bc457d8cef7ba2464c7abe4608f6174216d3bb62cf4e00761631b93569e2f05afd43fcd5cdaa35e3d4495794a5480ec85c4c640587cd170eb5ef4bca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4dd78069dedc5b05079866a0a7ce8965 |
| SHA1 | 2a6356b6923498d1a84c5f37cd03d4ebbc4e7d5c |
| SHA256 | c290d522bbc9a33481c5b3e2c4fee5f55f8cec0755c58a4f9c22054ad7e94305 |
| SHA512 | 6d864f817d0c77e55fd658bce12558a4333af5801939241bbbb159b9438a87d23f56202e06157ded2fc9f2b56a4da2dfd61c5982c6a14939d8a9e22d99e41f87 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 27ab3b14cba48e6f4c85812954b967bc |
| SHA1 | 4a7ca844f73d8634c44f3854f7bd69c49effb0bf |
| SHA256 | aed7ca91eeb441b502a91bfe0e6bbafd2ed086d9a5414c0775f7012be092e404 |
| SHA512 | 45c77b56013e43942390a319c56f20488ee2f169c5f7217158c7b58f1a3707f8bcd7ef7366ba10cfa74a389aa7dd97451502c2bd2c244ddc27dbe114fa9bfdb6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 75e165563cbee5ff7411571f48002fe2 |
| SHA1 | 0d7faf2f3851bce764a2ddb4c102d23777018f9c |
| SHA256 | c111f14e90a77d986fde1f13203fa2aa3decce91d5eaaa8d37e10ef61685f929 |
| SHA512 | 35800bea9338ab7f93eb0b612ccea5c8b211d34810baf551beb664c15bb87cf015480ffe1bb9ecef0706ff9adafeda34832557cd0bb89dc6d95943abbcc61b2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0be32ef3f6a4f452c76564a916af1bcd |
| SHA1 | b3d61e371201be406778ed0d07ec860e5d2ff751 |
| SHA256 | ee7b32cfbb76cca6ee911da04f7e4f0c51fedbef2f9fdf2358cd2b997d04dd5b |
| SHA512 | a6ea2dc742db3ffa4ec7609bf050a0fa8d31237c125a49b930da47980cd34ca21004a9f2d886b16f741bb0d18d46659fb075984f1a45b63f1488d8c51fe26261 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 07b26cff50154a92a07cf60476fc9d92 |
| SHA1 | 4324ab5b001a76ab01b6c9956eaf4ca1a35b655e |
| SHA256 | 04094becdf7a0e0a03ad3563f5393fe16b9bf28cca26d956b8eef4ac7f95a5cf |
| SHA512 | 8dfd5678e147d232cf7c6faf7d649e261d49410ba34226ae363e25495d94ad32bde5d27542f7ef1f907068ea80859f8c157b7603bc61633b424bd3d9d7961f86 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d302406e8f4aadf18970617c7c34063b |
| SHA1 | 313575205ac905fa1678ef8ab4fcb7a1779a5e21 |
| SHA256 | fff56c9d230bdfe48f013cf8fed517e6d0a0a7b1939a7c97e9ad7c7d8dc55134 |
| SHA512 | d5c5bbf8a2fa278149a78fcdbcc5efb4e38d6cd2cfc905466e54da0988da49f44329c9bd540378282c601d98adc61337f9c4c9aae6cdabbb13a0c19641b16210 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | f4f1f1534e6dd54c02527ce9b010a436 |
| SHA1 | 3fad67104dafb3612cb2dc7a5f739ff8abf7f62f |
| SHA256 | 73a19b20ab149223058a6d1ba970fa19644c8eca6d98cd7503d45be46eb0966d |
| SHA512 | 45d85753350e236de1be0dac5dd8c46b913aab4ec8119b4a06fc976dd372fdb8d7a79bd08e602a454e354957c107d7cecbbc3bf496c4d0245ff3aecfdf7008ee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eaad14502781c97df9f5a916cbfd7541 |
| SHA1 | 134d707bd0788e1af90ce89ed4cbcd8ebfc5ce68 |
| SHA256 | b09bae066089b3eed59c872e30e72761beebb8ae8868134f81a609c413353f91 |
| SHA512 | e84f9a23e2bd71b6db44332d774bade3c960be00b30c25a69e9aebe2bc05577c9528470c0b607f05e2a3fa3fef4a0c67be6ebdd784c34bae49be56e9f29034c2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9b192398d83bab13d88b54151f7f8063 |
| SHA1 | b168989c6f195d86c4090e6c771be3be4affb82d |
| SHA256 | 56a48bc588e29397be4d6608a66401a6b2b57aa40fe30c8979c4056130828c62 |
| SHA512 | bf7deadef217b980491a5ac5707715635b3c38cda0bb9a343aaf2bfd540923edd8876d6e8d5ddc3d0ba1cc0a05811c0fbb667305d40688f4555764ee253651da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c62129f2ac4492144f2f63ab4d13ecde |
| SHA1 | e0e3d7dafc4a8050136293c551c308af178b90c2 |
| SHA256 | 8277cff8b9905dc9f73c15f3c6259dda9d12d88222aa62de23744bc632d67686 |
| SHA512 | 74ec121f075218ac5ff79f8a4c10222b9d83d2afedb82a81d0e8615b92c532254a2d15835fd442297bb0f899ebc50138abb5f084072096e3c320d06b0496c71e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 32054733686b9e031f121ce26076ea0f |
| SHA1 | b3344db77eaaffea383e53741f5a9babb22d154a |
| SHA256 | e5849ed36d04cbfd02ebf0e58a3e413ce084508e958bfb8fa19ca9ee758c80ae |
| SHA512 | d2888b4b7c77eefd0c5ae49fe10bf75f0d950b79206fdd8c18f91f58bca2c2513c66a81cc35a58f684678ebb1fc28b2e170b060cbe3382d9a5246031cd746c6b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 85a2edd0bdf6ee2900e0ef8dbdb48a49 |
| SHA1 | 7b320eaeff3edb3503d277d8404bdd73bf8732fa |
| SHA256 | 522888ace784607f5ea1c23cab45148b4f95cd1e82a17822cfec40a241e42323 |
| SHA512 | 646c2a589840a0abc0cabe862d0badef81be10de38754070fd8bce97ff3b7bfe82dc6a9ec7cfcf9a243e8976d7e2d97d3b76c786add7a9565730aa888212490f |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-02 06:45
Reported
2024-06-02 06:48
Platform
win10v2004-20240426-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8d3370e033ab802c0037efc718cdd70a_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbb1b46f8,0x7ffbbb1b4708,0x7ffbbb1b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,6066797700229284131,16628174086490635175,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,6066797700229284131,16628174086490635175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,6066797700229284131,16628174086490635175,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6066797700229284131,16628174086490635175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6066797700229284131,16628174086490635175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6066797700229284131,16628174086490635175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6066797700229284131,16628174086490635175,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,6066797700229284131,16628174086490635175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,6066797700229284131,16628174086490635175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6066797700229284131,16628174086490635175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6066797700229284131,16628174086490635175,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,6066797700229284131,16628174086490635175,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5584 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | 155.11.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.160.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 8.8.8.8:53 | 2.73.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.77.0.192.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.15.104.51.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b2a1398f937474c51a48b347387ee36a |
| SHA1 | 922a8567f09e68a04233e84e5919043034635949 |
| SHA256 | 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6 |
| SHA512 | 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c |
\??\pipe\LOCAL\crashpad_1496_DNFXMTTOSXDSFZPA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1ac52e2503cc26baee4322f02f5b8d9c |
| SHA1 | 38e0cee911f5f2a24888a64780ffdf6fa72207c8 |
| SHA256 | f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4 |
| SHA512 | 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a36c8e80d25883c1d9b9dd1939909ed4 |
| SHA1 | e76706789205ce1c32548c2e4bf8529d454fe3bc |
| SHA256 | 8f66c78b00327b9958446c29ca6fe3f7db6209216ac902c861e8fad71bb4cbf4 |
| SHA512 | 48bc9a9ec4eb9c34c221885d9f51f620a846a555a99401a59e4bc7db209d5793fed01796350bec62027d84fa146f009f87a8a06689e8dc86047b162c154fd7d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ca8aabbba05eef9958100afe68f85cd4 |
| SHA1 | 39b340ee5bc06ecb4af258eef94f4888ecf7c098 |
| SHA256 | 49e9c423ec437cbabfa54201ef168275af7bc349bd87eaf433e167376cb3e63b |
| SHA512 | 4f6df91a4a0f2a8051be0acc2575e0e39c10258a7a159d8aa8ebac4cd86b3fede6521b29b7e90dd7bf2a8b1d859b595163add46c2ff48b1dd335ba1cf61ce7cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9ed7ed45c293efa51bf13df8ee7a034f |
| SHA1 | 3fe2b08516331ab8a6fa141a643f2db517cd704f |
| SHA256 | e72e67026f9d867a0b92062008e0356c6eeea2e81cfe59655ac82910b183ca42 |
| SHA512 | ab958f27b74b4931530fe8001411008444954b28d689ce399f9f4630530083df2a62c35162d3a5ee86cec0d5f03136ab591c48ca0791a38703b04b62cc9fede5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | cf71dc0239fac5a39b9d1a9b63fec389 |
| SHA1 | 06772b459d48a522826052e5c221c69414bba1af |
| SHA256 | 0f16841512bb277cfc8feb41cb3d4167276cfeebdfa94c0c2030641eadbee37b |
| SHA512 | 1a814f1fe0370a28812772db600c354840b149adce983b51ef6c0fbbcefd269f0820af2411735356d8d4d06219b77bec7fed357510e29b317c1316de153c4128 |
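The Network and Files tables above are the raw sandbox export. What an analyst actually wants from them is a short list of unique egress destinations with the resolver traffic, reverse lookups and mDNS stripped out, plus a warning for any artifact whose listed digests are the well-known digests of zero-byte input (the crashpad named pipe above hashes to exactly those values, so nothing was captured from it). The script below is an added example, not part of the report and not the sandbox vendor's code; the rows it parses are copied from the tables on this page, while the resolver address and the choice of what counts as noise are assumptions.

```python
import hashlib

# Rows excerpted from the Network and Files tables of this report.
NETWORK_ROWS = """
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
"""

FILE_SECTION = r"""
\??\pipe\LOCAL\crashpad_1496_DNFXMTTOSXDSFZPA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a36c8e80d25883c1d9b9dd1939909ed4 |
| SHA1 | e76706789205ce1c32548c2e4bf8529d454fe3bc |
| SHA256 | 8f66c78b00327b9958446c29ca6fe3f7db6209216ac902c861e8fad71bb4cbf4 |
| SHA512 | 48bc9a9ec4eb9c34c221885d9f51f620a846a555a99401a59e4bc7db209d5793fed01796350bec62027d84fa146f009f87a8a06689e8dc86047b162c154fd7d2 |
"""

# Digests of zero-byte input: an artifact listed with these was captured empty.
EMPTY_DIGESTS = {name: getattr(hashlib, name.lower())(b"").hexdigest()
                 for name in ("MD5", "SHA1", "SHA256", "SHA512")}
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# Assumption: the sandbox resolver, since every DNS row in the report goes to 8.8.8.8.
RESOLVER = "8.8.8.8:53"


def _cells(line):
    return [c.strip() for c in line.strip().strip("|").split("|")]


def network_iocs(text, resolver=RESOLVER):
    """Unique (domain, ip, port, proto) egress tuples; resolver traffic,
    reverse lookups and link-local multicast (mDNS) are dropped as noise."""
    seen = {}
    for line in text.splitlines():
        cells = _cells(line) if line.strip().startswith("|") else []
        if len(cells) != 4:
            continue
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        if dest == resolver or domain.endswith(".in-addr.arpa") or ip.startswith("224."):
            continue
        seen.setdefault((domain, ip, int(port), proto), country)
    return list(seen)


def resolved_domains(text, resolver=RESOLVER):
    """Forward lookups sent to the resolver: the names the page tried to reach."""
    names = set()
    for line in text.splitlines():
        cells = _cells(line) if line.strip().startswith("|") else []
        if len(cells) == 4 and cells[1] == resolver and not cells[2].endswith(".in-addr.arpa"):
            names.add(cells[2])
    return sorted(names)


def parse_files(text):
    """[(path, {algo: hexdigest})]; duplicate paths stay separate entries,
    because the report lists a file once per time it was rewritten."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("|"):
            cells = _cells(line)
            if entries and len(cells) == 2:
                entries[-1][1][cells[0]] = cells[1].lower()
        else:
            entries.append((line, {}))
    return entries


def empty_artifacts(text):
    """Paths whose every listed digest equals the digest of zero bytes."""
    return [path for path, d in parse_files(text)
            if d and all(EMPTY_DIGESTS.get(a) == h for a, h in d.items())]


def invalid_digests(text):
    """(path, algo, value) for digests with the wrong length or non-hex
    characters, which usually means the value was truncated when copied."""
    bad = []
    for path, d in parse_files(text):
        for algo, h in d.items():
            if len(h) != HEX_LEN.get(algo) or any(c not in "0123456789abcdef" for c in h):
                bad.append((path, algo, h))
    return bad


if __name__ == "__main__":
    for ioc in network_iocs(NETWORK_ROWS):
        print("egress", ioc)
    print("resolved", resolved_domains(NETWORK_ROWS))
    print("empty artifacts", empty_artifacts(FILE_SECTION))
    print("malformed digests", invalid_digests(FILE_SECTION))
```

Run against the full tables rather than the excerpt, the egress list is what goes into a blocklist review; the reverse-lookup rows are the sandbox resolving what it saw and carry no indicator on their own. An artifact that hashes to the empty-input digests should be excluded from any hash-based IOC set, since those values match every empty file on every system.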