Analysis Overview
SHA256
838947bd68b7f6ad1dfdc937cb0896a9d85ddef8eff9ff7fe5e5929c657c8623
Threat Level: No (potentially) malicious behavior was detected
The file 91e99e1e77089f7deff89ace7918063e_JaffaCakes118 was analyzed and no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:14
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:14
Reported
2024-06-03 13:17
Platform
win7-20240221-en
Max time kernel
136s
Max time network
134s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423582365" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000975ed9305f132e48896a72c8b220a316000000000200000000001066000000010000200000004a1e0fae90af930ccb61fbb68f67bf49c7a949a4e1383df68310594cf71ab619000000000e8000000002000020000000edfe6ba993a334a5abd45402ecd4a6cb16344269c403918c0df5b9a707ddad2f20000000811c9901c0bcb8e94f4db78a5bb05aab708ccad368226f40c8fbef01960ce0b7400000000a3f2ae5475e7a0216d87556eef2e3444c8ae6e3ea80628b1c8a3116e799e3761245ed71922ffda9482f38cbe5c9bb19bcd9d908933b617b5f95b4090b8e55a3 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4089d51bb8b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{44FE56D1-21AB-11EF-97FB-6A55B5C6A64E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
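The signature above fires on every write under the user's Internet Explorer key. All 36 rows are written by iexplore.exe itself and are the housekeeping IE performs on a fresh profile (Recovery, TabbedBrowsing, WindowsSearch state, window placement); none of them touches the values a browser hijacker rewrites, such as Main\Start Page or SearchScopes\DefaultScope. The script below is an added example and is not part of the report or the sandbox's tooling. It parses rows in the report's own pipe format (a subset is embedded, plus one constructed row that is not in the report and exists only to exercise the hijack branch) and separates hijack-relevant writes, and writes by processes other than IE, from the housekeeping noise. The HIJACK_VALUES list, the constructed row and the process check are assumptions chosen for the example.

```python
"""Triage helper for the 'Modifies Internet Explorer settings' rows (added example).

That signature fires on any write under the user's Internet Explorer key,
including the housekeeping IE performs on a fresh profile. This script
separates the values that decide what the browser loads or searches (the
ones browser hijackers rewrite), and writes by processes other than IE,
from that housekeeping noise.
"""

SID = "S-1-5-21-330940541-141609230-1670313778-1000"
IE_ROOT = "\\REGISTRY\\USER\\" + SID + "\\Software\\Microsoft\\Internet Explorer"

# Assumption: the IE values that decide what the browser loads or searches,
# given relative to IE_ROOT and matched case-insensitively.
HIJACK_VALUES = {
    r"main\start page",
    r"main\search page",
    r"main\default_page_url",
    r"main\default_search_url",
    r"searchscopes\defaultscope",
}

# Rows copied from the report (a subset) with the long key prefix written as
# <IE>, plus ONE constructed row at the end that is NOT in the report and
# exists only to exercise the hijack branch.
SAMPLE_ROWS = r"""
| Description | Indicator | Process | Target |
| Set value (int) | <IE>\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | <IE>\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | <IE>\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | <IE>\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | <IE>\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | <IE>\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | <IE>\Main\Start Page = "http://example.invalid/landing" | C:\Users\Admin\AppData\Local\Temp\constructed.exe | N/A |
""".replace("<IE>", IE_ROOT)


def parse_rows(text):
    """Yield one dict per data row of the '| desc | indicator | process | target |' table.

    The indicator cell is rejoined from the middle cells so a '|' inside a
    value cannot shift the process and target columns."""
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) < 4 or cells[0] == "Description":
            continue
        desc, proc, target = cells[0], cells[-2], cells[-1]
        indicator = "|".join(cells[1:-2]).strip()
        path, sep, value = indicator.partition(" = ")
        yield {"op": desc, "path": path,
               "value": value.strip('"') if sep else None,
               "process": proc, "target": target}


def relative_path(path):
    """Path below the user's Internet Explorer key, or None if outside it."""
    if path.lower().startswith(IE_ROOT.lower() + "\\"):
        return path[len(IE_ROOT) + 1:]
    return None


def classify(row):
    """Label a row: hijack, non-ie-writer, housekeeping, or outside-ie."""
    rel = relative_path(row["path"])
    if rel is None:
        return "outside-ie"
    if row["op"].startswith("Set value") and rel.lower() in HIJACK_VALUES:
        return "hijack"
    # Assumption: only the IE frame/tab binary itself is expected here.
    if row["process"].rsplit("\\", 1)[-1].lower() != "iexplore.exe":
        return "non-ie-writer"
    return "housekeeping"


def triage(text):
    """Return (label counts, findings) where findings lists every non-housekeeping row."""
    counts, findings = {}, []
    for row in parse_rows(text):
        label = classify(row)
        counts[label] = counts.get(label, 0) + 1
        if label != "housekeeping":
            findings.append((label, relative_path(row["path"]) or row["path"],
                             row["value"], row["process"]))
    return counts, findings


if __name__ == "__main__":
    counts, findings = triage(SAMPLE_ROWS)
    print("counts:", counts)
    for label, path, value, process in findings:
        print(f"{label:14} {path} = {value!r} by {process}")
```

Run against the report's rows alone, every row lands in housekeeping, which is the result that backs the verdict at the top of the page; the constructed last row shows what a Start Page rewrite by a foreign process looks like in the output.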
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2956 wrote to memory of 3000 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2956 wrote to memory of 3000 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2956 wrote to memory of 3000 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2956 wrote to memory of 3000 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91e99e1e77089f7deff89ace7918063e_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2956 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 188.114.97.2:80 | saltworld.net | tcp |
| US | 188.114.97.2:80 | saltworld.net | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 188.114.97.2:80 | saltworld.net | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 188.114.97.2:80 | saltworld.net | tcp |
| US | 188.114.97.2:80 | saltworld.net | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 188.114.97.2:80 | saltworld.net | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 188.114.97.2:443 | saltworld.net | tcp |
| US | 188.114.97.2:443 | saltworld.net | tcp |
| US | 188.114.97.2:443 | saltworld.net | tcp |
| US | 188.114.97.2:443 | saltworld.net | tcp |
| US | 188.114.97.2:443 | saltworld.net | tcp |
| US | 188.114.97.2:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
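The verdict at the top of the page is derived from behavioral signatures, and none of them scores the network table. A practitioner would still read the destinations by hand: the rows above include a DNS lookup and two connections to port 443 on coinhive.com, the domain of a former in-browser cryptomining service, alongside ordinary page resources (gravatar, wp.com, google-analytics) and sandbox-platform traffic to ieonline.microsoft.com. The script below is an added example and is not part of the report or the sandbox's tooling. It parses the rows in the report's own pipe format (a constructed subset of the rows above is embedded), separates resolver queries from actual connections, and flags contacted domains against an analyst watchlist. The WATCHLIST and PLATFORM_NOISE sets are assumptions chosen for the example.

```python
"""Triage helper for the sandbox report's Network table (added example).

Parses the pipe-delimited rows as they appear in the report, rolls them up
per domain and flags any contacted domain on a small analyst watchlist.
The watchlist, the noise list and the embedded rows are constructed input.
"""
from collections import defaultdict

# Rows copied from the report's Network section (a subset, constructed input).
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 188.114.97.2:80 | saltworld.net | tcp |
| US | 188.114.97.2:80 | saltworld.net | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 188.114.97.2:443 | saltworld.net | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""

# Assumption: an analyst-maintained list of domains that warrant a second look.
# coinhive.com is on it because it appears in the report's own rows and was the
# domain of a (now defunct) in-browser cryptomining service.
WATCHLIST = {"coinhive.com"}

# Assumption: traffic generated by the sandbox's browser/platform, not the sample.
PLATFORM_NOISE = {"ieonline.microsoft.com", "www.microsoft.com"}


def parse_rows(text):
    """Yield one dict per data row of a '| country | ip:port | domain | proto |' table."""
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, destination, domain, proto = cells
        ip, _, port = destination.rpartition(":")
        yield {"country": country, "ip": ip, "port": int(port),
               "domain": domain, "proto": proto}


def summarize(text):
    """Roll the rows up per domain: distinct endpoints, DNS lookups, connection count."""
    summary = defaultdict(lambda: {"endpoints": set(), "dns": 0, "tcp": 0})
    for row in parse_rows(text):
        entry = summary[row["domain"]]
        if row["proto"] == "udp" and row["port"] == 53:
            entry["dns"] += 1          # resolver query, not contact with the host
        else:
            entry["tcp"] += 1
            entry["endpoints"].add((row["ip"], row["port"]))
    return dict(summary)


def triage(text):
    """Return (flagged, contacted): watchlisted domains actually connected to,
    and every non-platform domain the sandbox opened a connection to."""
    summary = summarize(text)
    contacted = {d for d, e in summary.items()
                 if e["tcp"] and d not in PLATFORM_NOISE}
    # A bare DNS lookup is weaker evidence than a connection, so only domains
    # that were actually contacted can be flagged.
    flagged = {d for d in contacted if d in WATCHLIST}
    return flagged, contacted


if __name__ == "__main__":
    for domain, entry in sorted(summarize(SAMPLE_ROWS).items()):
        print(f"{domain:28} dns={entry['dns']} tcp={entry['tcp']} "
              f"endpoints={sorted(entry['endpoints'])}")
    flagged, contacted = triage(SAMPLE_ROWS)
    print("contacted:", sorted(contacted))
    print("flagged:", sorted(flagged))
```

On the embedded rows the roll-up shows one endpoint per domain (coinhive.com only ever on 172.67.165.117:443) and the single flagged domain is coinhive.com; whether that lookup came from the HTML sample or from a third-party resource on saltworld.net is not answerable from the table alone, and is the next thing to check in the cached page content listed under Files.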
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\59df318a5dd5b358077fb9a7e56e80a2[1].htm
| MD5 | 4f8e702cc244ec5d4de32740c0ecbd97 |
| SHA1 | 3adb1f02d5b6054de0046e367c1d687b6cdf7aff |
| SHA256 | 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a |
| SHA512 | 21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f |
C:\Users\Admin\AppData\Local\Temp\Cab9FDC.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar9FEE.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 13ed5e0369cedc64c8437eb9a493a981 |
| SHA1 | 880053c91809fef7b2a3d688143f554d5a05c0bd |
| SHA256 | 3560614f2f62c19498d2ad6c3b9fa8f232883167479de05e924a5a3ab19a8454 |
| SHA512 | 18b3c940a3b722b58c476af4141ab987ed9f7557c1e52f3f20548b2c209abd67c943761d22e20ed59c36d69f8cd911285aff7efdf2d20f51c35cad62932aefa0 |
C:\Users\Admin\AppData\Local\Temp\CabA13B.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ea77617edf552981893fd93e0f22e30c |
| SHA1 | 182006353dea607a454cacfcc5b3d258ba7e727d |
| SHA256 | fe5b45f07d09e50afb4b60d01c8dde54ed4257f983a5ae39acfe72e4cd69f300 |
| SHA512 | a63b636adaa44c8bf7b559aebd3a4f6a206168f184785e8d635bb4ba5f6edfb310026050d4a75bd195ae1debca342c60e163aa0ea76e7c9148f974b586cdb3df |
C:\Users\Admin\AppData\Local\Temp\TarA15F.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| MD5 | 8202a1cd02e7d69597995cabbe881a12 |
| SHA1 | 8858d9d934b7aa9330ee73de6c476acf19929ff6 |
| SHA256 | 58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5 |
| SHA512 | 97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5736400e9fbafa5538f0c997eea44a79 |
| SHA1 | 1b8635f3e8d52da33bf9843e5a323a7694f0c72c |
| SHA256 | 70fa7bcb972ed5320870a220bf9e6a19b0cc89b88898cd7c23c1ed97e91282bd |
| SHA512 | a1844e6ed388f4c13a4b20c226c02062038a06f09306c5602a3341de18333a47c493a07bda0e760d8b078a80f811caf6976938201f12033f138f1a9938da65d8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| MD5 | b07113c79dfb60eeadd3f30cbc7eb98e |
| SHA1 | 1407964e2114680004a2d5a9b6b8963b4c8194e2 |
| SHA256 | 7f04360bee0b5729e5ffce45265f978e1b31b43c6e4e8bd9f78d6e3ceead8147 |
| SHA512 | 561025d3d3839f7e20cd74f647eabfc3321335907666ac386f3a3811fdd4bb927384837f998043c53a93c3f37be15db82838fdf601bfad0312791dad3d9ded19 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e0b247ab60c8f5ea59f96c1c27d0df86 |
| SHA1 | 9bd00a7f7ed0964b340748ca4fa210d3b8780c94 |
| SHA256 | bd715f1362f023722197254fd9e59488df1eccdd847591b574b9b7f44f16d738 |
| SHA512 | fb3fa6a6ddfe6859e192bc282c5bfcaf4a04afd987bd2bb51106bfb8dc7b800720f7f936a2f33f2a8f8dbba746be42c3754db0412406c3d4e28dedfaaec4ec5f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
| MD5 | 2c9640168264c8b26436c821df4538bb |
| SHA1 | 9aad6ef1cd883ee5dcdfacf8da5df01acf1a288e |
| SHA256 | 25ccb44e103f335f6b4be0e5cf44af5a728e73dcfb6f0db36007105421a7a43a |
| SHA512 | 9f5bf7a7b54950bb59e634bd0f21e1e7734d759c595c389847ee1c7c9b684c522bc121929507ab5bdb52ff19ce64600b10378651dd032747d2832697550cf44f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
| MD5 | 76d4d147245ce8da3cf3a4aff0bc5611 |
| SHA1 | edf7b96b65cbe3e3ba82799502871c790d9ebb78 |
| SHA256 | 46d3ed9486f6c000d1e52b27979054fdbd340efe906522441306ea0c189276b6 |
| SHA512 | 631a6e44a0b135335bfd4cba07fdebd7bd688379f4012b0d3219f36680d1b735572e69601c631d9a1137aa615a4afd3bb91087d04bde887bd1a1130fe46c5dd2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
| MD5 | 9bba85783b45405129159e5a9ecd1a5f |
| SHA1 | fa5c21e12a1c1caf937465f66b392fdb8f406b45 |
| SHA256 | 8a089a9382f025adc8a53e0c628a0eff3aae04b0bfef90833bc82171901ee210 |
| SHA512 | eeed9edd4e460691e39afed72aedf38b199b26e6c0cb30de06ed1f5176ccfea08fb191dc3d69641ea84552829431bd7c8711609950be0d47348bb2f586800d6a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
| MD5 | d1d20d81b891ef40df9b263748cc0752 |
| SHA1 | be11c9028225e795f077ce0e0c818f267e31bbb4 |
| SHA256 | a9c661bb5975ba07baa64df7ff96a01629d5008c88653d3295dd18de93fa1c67 |
| SHA512 | b58b0638fb20f5e16aa8558338b662973f71a450a44767759c078f6cc445118bd10ba2bcd9b230fb90197ccc9d87ae1ed91b5c3688672a527336de2b72d48406 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
| MD5 | 61c060748daca8556274bfabc587f30e |
| SHA1 | 05b5c3bd691071c2071f7864a15ba98f60cfacfc |
| SHA256 | d3a4273f83db93b4afe9c06918806d71e6268a4b8b41cee65e047cfaa1af548f |
| SHA512 | 5a8566c72fa10bf6380096f57f5b3c638e347d4b40adb8706a50f84095d0047c39e72f1fe413f05c819cee4f84b6208d9702e2cbdc2f52e22321bb204edfc4ec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 34825100cc89feb07aeefd16c0f8d36d |
| SHA1 | 480b5dfd83ca4cf06127e8904968ede462dcc0f8 |
| SHA256 | feefea2f79cb5c0aa535ef1ec74ab9e0db23c45c7c25da7fae96219cf67c43ad |
| SHA512 | 670697745a44847183d8d85644ec2b4933946a02ff46fa831cb904de89c427212db4995926a853858697571574088d433da34c62216dccae29a24df2715c15d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5e765f1ca0a2cb9c76a546fa446d6801 |
| SHA1 | b56f8b53b1815d054811b21f41a3af1c89155c4b |
| SHA256 | e9d87242e3b2cc8ac5a5ee28f0d548702cf845a73dbf7b77441eb1e6d7fc7dbb |
| SHA512 | 84a3e29eb5b253ee86c3a94ed8eee69d4c2798522111d09a4786abc65852b093f0e1014de404515d50387c8dc04ca6e26d2db886f004b43717deb0d7c455f316 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eb9512d1f96d79b242dbb04df7757644 |
| SHA1 | 04c0dfd0f7e48c3b503b4ce1f4f12d11e3c33da1 |
| SHA256 | 8a658f27a1755d647b265d0c57c8cbc707b96a18f7792648e11d473dd9a47e8f |
| SHA512 | b650f1dcefdaebf487b5ccb642c3b7bb598d9a3cf82a102ec998152c8ea8f96c2a2dbed6fe3844e2459be4f80b6f8b58efb19fbb0b548e0b9f6cc27dd514af53 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c290cfc4c21aff639dd7ae4106093e56 |
| SHA1 | 3d450d9bd516e22755a2220b693754d2e73e7542 |
| SHA256 | 68a67386b2633743b5df228bcd7fbb750857e74837b1310da10211bc9018d6c9 |
| SHA512 | 5c7119f450ab0f60f0c72505fb48c8829f86d38ab6600f58a44df9b5528664fc8d42d55ddda9321741d2217b8b4ac33d792044d39d7cc3dc60c8ec41618ff48f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e1afc44c3aed28705bdbed0b99dd1b90 |
| SHA1 | e5f3fc0c0ac05b24ff2d93c0308aa02134c85193 |
| SHA256 | 434fd63db1114acbcc9b549a552a1c3d9c5a15e3c74a042e530f8c8850d1cb56 |
| SHA512 | d1e57af80a4c9e47732ffcdc163bcbdc0e44614318d20f8523cd29ecbf14a2dddabd5c8485135be371262d150c1a20759d594d29327711d761707cbd868408a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3900562be88dca4e24a32fac995401ec |
| SHA1 | 9994652057dfcd2e062143ca0fa50c14a7e992ef |
| SHA256 | b3f559d4debed6d10f7d859a4e8ee12cd91b6395d0835d95608b226de07890b3 |
| SHA512 | 5f0380758243460012ef8a56d4da5f83efe614758bcbfd69ce7831c0b30947248eacfb594d91f3699cb0c003917334a24f65cc0f2d1f31d9f853d260c889f222 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f4d870f389147f002dbd66660fc819ae |
| SHA1 | 26abc100533972d5f56eba6093489591e120cfaa |
| SHA256 | bb967ca9bf1932d6160f406c830c5c5d39e1ebaa4edeca5d0ff973ac657daef6 |
| SHA512 | c2112b3c5835cab10548f48e3f1208a5d65ecb3709c1067e12b397dab2a5bfe617734e7d1b9f92fee758dfea7c617e997e85094d7925127d56db3ab064e16402 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0b5ce7696aef8f5852d393abd1b97e85 |
| SHA1 | 1a21c7e1dbc2732377525cb5c8a1180c0d96a2d5 |
| SHA256 | ae0a03dd6740208b9772fa1fb3ff6a17bdb26bac6b377fd4f4db9187574815e9 |
| SHA512 | 5dd57393f20b3d4fd9c16324b2e8e40ba5933a146e9bc578be4d128ce9bc694e7a30aee81cf39c613c9a49ba91f3b6b6cfa2d27bc433c0510aa903e5ab2300f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9c80ce595a30510f56722b92bfc01061 |
| SHA1 | 375e4d526d99435e532b0286b2e126b22a02f78e |
| SHA256 | be854aab9ab0e68dcfb2930f483140fdd17573c2ef24af12a9ea96a07910c51b |
| SHA512 | bbeb2d49be446ddfbdd7317e995700fe35a2c33fd8f2e387707152ef3a210ff3603ac05c52d6d8c45e7f0a850d618599f26acddf781e02c427a1c1498ca6bc95 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | db495b8a244a4fa37cbcfbcb41a2c280 |
| SHA1 | 145281a3f72c99c0a2ed5ed9f10a6f39c681f8f0 |
| SHA256 | 5f226bb25d876f56b4b59b25b3dbdec9eee39f0ecf0e3b5e40085d6bc460c0f4 |
| SHA512 | 027c9054815487b87d165ec23447aed029c95106c4b41cea6c79d61bf7527973cd93ff31fb13621fbba85e65ed5efa8247fa49db2a235a5d0ec9df47a5fa62b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d0e697ecc248e5f7befde61f0cbbb7e7 |
| SHA1 | 5ecbafa511a7c779e3ff1c0f127deb0b9727894d |
| SHA256 | ddb90758a9d9ed0fd3ebc9d6096d182968adb21dc640bd0d503f17ce48c955b6 |
| SHA512 | af39607c28ce62ab706fb7d1abfbc3bd75bdca6a4119e6782fb8338ab84e83ea7fbab626cf18469095efddeca4e31028591cfcd8769f040fc7217347073ed16b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 0ef05e651393263af67a0a2171a84626 |
| SHA1 | 1b666d76f5e92471bd56fe1174b48420d721b3a2 |
| SHA256 | ef09e71a0ab491abf32e173f9cc7c8018238c81505888de078bd60cf7815d740 |
| SHA512 | 617028d229526211108b92efcafb3ee75360655d513a3ad9894d26a0a583a832ebd77a11ce37e72dcb789d051ffc01e304dd70a1e86e084d0cff85a05bbe4d87 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40585fa2bdda3f0263ea16f43030f27a |
| SHA1 | c1043712cbea9ad76a9bbbc6e1d49bc5b096abf5 |
| SHA256 | 027ff48dcf10fb6137055ae7e21d342e7cfa6950ce50e3444b98a1289693b821 |
| SHA512 | 9140194a4e644a67b3f518282fb28a41819df226dfa5500c4eecd28cd42a0bf126ad29a0d11a60e45d830997a504c742fc3446ca0934ce772aea50af20bad6c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 986af32a757a86d4d9fe32cff67f1624 |
| SHA1 | 5a9ff6d700ba4b9882ed51d0ed810287034c51cf |
| SHA256 | a2b76cd6db9c42de75761c98bc43a1994077063f5e2f0a396f03cac2eb1ade28 |
| SHA512 | 81c589a5ff457521103941048c1f4bc8c18f68b5064c432218121e2ec741ed367e2ee763d8785b2be2d307ecfa4d74ca83ad58e2a665664dc4172be2a3d90da5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c0e778895a0c15e31a8e2fe92c5ec81 |
| SHA1 | 67ad46b57e86b720dd153d0230bb3bdb05244380 |
| SHA256 | 7f1d5c94e1176c01c51ff4cc846a2d0756ba617bdcfa959d2c8ca3f63bdebf7f |
| SHA512 | 58abf6179f33164eacb749d55a86b05a84a90d88221dc8e2cf8aa79b066b923bafa7128e9c7cb8aa4cc72092f873c6a4157ac6744ea0fa3222be2787820658ce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dc0488fda3591c34800d9f32fb4fa4d0 |
| SHA1 | 8527ee6fb06912db54334c7086c12f7bdddd843f |
| SHA256 | 4180fa4fef226ca6ff0118d17113088d88d7cb4aada8d6b222104f318b3dff64 |
| SHA512 | 0c8fc70fb32e9104b545e71bb22510939efc4df4452ffbf31e3a48cc120150b2e58378bb603d841c0b39ac51e799c173d153eec6cc185b9aca859b07b931a196 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 65d289f5531d259e36bff7f6c69198cf |
| SHA1 | c0e695b939a6245f08e9f6037a8094d4eeb12ab1 |
| SHA256 | 6bd6744e6b1bbdd86ae95edfd860930b2322790ef6fe05b1e2ee1281d13d26ae |
| SHA512 | da044bf2a25742c2e97eb13ba2c9b4319fe60520d82ba2836fc702b173317835de77ad4ad6fbc26656ae33531bc8c1bcc6b7cd20fd9ed44308f579af33b0b29b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 25a269a9fd91b1e01dc0a73d0d11abed |
| SHA1 | 4259904f273e45076abaf757056a47e8bad2a268 |
| SHA256 | 5c1338a4dcafc1198d8ede6319fdd3511869a77b189a23fc943b63a18d4a4ad6 |
| SHA512 | 66306af8b5669396164b9620a8a1e78799238afb21d2e2b8c204ce66e2ec34a27e8ebb37380467278688b02ef76da7d72ce31aeafce8bc2df7f982bf777dd98f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3dc858a82a82d2caa2d0ffff51c42942 |
| SHA1 | c8dd192aa9990d55e07bed4b1d87566c2823449a |
| SHA256 | 3f509071795ede44992aae8fba781f3e68db60d42c66ea109802b3ef18473ac4 |
| SHA512 | 66b901ef068fbbe9f3e9afae320fe0a7d31e7bad0219caf6b11df5857df57b764e343dc60f1faa67847b8e761ae76df059171f698751d2bbb9b6efbd47ead048 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ec072b5bfac8503c55b342175ef08ef |
| SHA1 | bb9d1c38e125632d2e4311f40e66cf586e4c5f16 |
| SHA256 | 09d78338b46233c58bc02cbf66c9c4ef7adcf4d78a59855c2d0b72ed5695ead5 |
| SHA512 | 174ad1fddeccdd7a407854d9c19f686cdbbb322027d2f3e68595190aaf191cf20c3c8ad9cce5d26bf374d1b67ad641f02d5fa2a5b4e199c11b5e7a4998a3ac49 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2d161e15188714beb52502eed0699305 |
| SHA1 | 8ceb750ff220a2679c081087b59b7f899fe42454 |
| SHA256 | f57ee8382e1043d8bb95849e6e35b0ed58cadc17edcead04d176f00530fcfab8 |
| SHA512 | 8624fed0073d7703182b4c6d5d8ac2f9445c3ea2892cfd11b70f76c7a4c09a8659a3d9d96533c014caf1240bb2de2b07c2079a57bc806e57f4a11c5670ab9753 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:14
Reported
2024-06-03 13:17
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
142s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91e99e1e77089f7deff89ace7918063e_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe40aa46f8,0x7ffe40aa4708,0x7ffe40aa4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,482010210536941211,10333675528588601732,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,482010210536941211,10333675528588601732,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,482010210536941211,10333675528588601732,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,482010210536941211,10333675528588601732,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,482010210536941211,10333675528588601732,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,482010210536941211,10333675528588601732,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,482010210536941211,10333675528588601732,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,482010210536941211,10333675528588601732,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,482010210536941211,10333675528588601732,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,482010210536941211,10333675528588601732,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,482010210536941211,10333675528588601732,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,482010210536941211,10333675528588601732,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4836 /prefetch:2
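The process list above is a Chromium-style tree: one browser process launched with the sample .html, then children that each declare their role with `--type=` and carry the browser's `--field-trial-handle`, plus two `CompPkgSrv.exe -Embedding` COM activations. That is the context for the EnumeratesProcesses and NtCreateUserProcessBlockNonMicrosoftBinary signatures above, which are raised on msedge.exe itself. The script below is an added triage example, not code from the report or from the sandbox vendor: it parses a subset of the command lines above (the long `--gpu-preferences` blob and the crashpad `--annotation` flags are left out for readability), checks that every image lives under the Edge install directory or System32, records which children declare a disabled sandbox (`--service-sandbox-type=none`, `--disable-gpu-sandbox`), and confirms all Edge children share one field-trial handle. The last command line, `helper.exe` under the user's Temp directory, is a synthetic control that is not in the report; it is there so the check has something to flag.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Added example; not code from the report. Command lines are a subset copied
# from the Processes section above, plus ONE synthetic control line (helper.exe)
# that is NOT in the report.
EDGE_DIR = PureWindowsPath(r"C:\Program Files (x86)\Microsoft\Edge\Application")
SYSTEM32 = PureWindowsPath(r"C:\Windows\System32")
EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'
FTH = "--field-trial-handle=2208,482010210536941211,10333675528588601732,131072"

SAMPLE_CMDLINES = [
    EDGE + r" --single-argument C:\Users\Admin\AppData\Local\Temp\91e99e1e77089f7deff89ace7918063e_JaffaCakes118.html",
    EDGE + r' --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7',
    EDGE + f" --type=gpu-process {FTH} --mojo-platform-channel-handle=2248 /prefetch:2",
    EDGE + f" --type=utility --utility-sub-type=network.mojom.NetworkService {FTH} --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3",
    EDGE + f" --type=utility --utility-sub-type=storage.mojom.StorageService {FTH} --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8",
    EDGE + f" --type=renderer {FTH} --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1",
    r"C:\Windows\System32\CompPkgSrv.exe -Embedding",
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService ' + FTH + " --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8",
    EDGE + f" --type=gpu-process {FTH} --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --mojo-platform-channel-handle=4836 /prefetch:2",
    # Synthetic control line: hypothetical path, not present in the report.
    r'"C:\Users\Admin\AppData\Local\Temp\helper.exe" --type=renderer ' + FTH,
]

# A quoted token ("C:\Program Files (x86)\...") or a run of non-space characters.
TOKEN = re.compile(r'"[^"]*"|\S+')


def parse_cmdline(cmdline):
    """Split a Windows command line into (image path, {flag: value}) for --key[=value] flags."""
    tokens = [t.strip('"') for t in TOKEN.findall(cmdline)]
    flags = {}
    for tok in tokens[1:]:
        if tok.startswith("--"):
            key, _, value = tok[2:].partition("=")
            flags[key] = value
    return tokens[0], flags


def describe(cmdline):
    """Role, origin and declared sandbox state of one process, from its command line only."""
    image, flags = parse_cmdline(cmdline)
    path = PureWindowsPath(image)
    edge_binary = EDGE_DIR in path.parents
    role = flags["type"] if "type" in flags else ("browser" if edge_binary else "other")
    # Only what the command line declares; nothing about the sandbox is inferred.
    unsandboxed = (flags.get("service-sandbox-type") == "none"
                   or "disable-gpu-sandbox" in flags
                   or "no-sandbox" in flags)
    return {
        "image": path.name,
        "role": role,
        "edge_binary": edge_binary,
        "system_binary": SYSTEM32 in path.parents,
        "unsandboxed": unsandboxed,
        "session": flags.get("field-trial-handle"),
    }


def audit(cmdlines):
    """Summarize a process tree and flag images that are neither Edge nor System32 binaries."""
    procs = [describe(c) for c in cmdlines]
    return {
        "processes": procs,
        "roles": Counter(p["role"] for p in procs),
        "unsandboxed": [p["image"] + ":" + p["role"] for p in procs if p["unsandboxed"]],
        "unexpected_image": [p["image"] for p in procs if not (p["edge_binary"] or p["system_binary"])],
        # Edge children carry the browser's field-trial handle; more than one
        # distinct value would mean more than one browser session in the tree.
        "sessions": len({p["session"] for p in procs if p["edge_binary"] and p["session"]}),
    }


if __name__ == "__main__":
    result = audit(SAMPLE_CMDLINES)
    for p in result["processes"]:
        print(f'{p["image"]:20} {p["role"]:16} unsandboxed={p["unsandboxed"]}')
    print("unexpected images:", result["unexpected_image"])
    print("browser sessions:", result["sessions"])
```

Run against the report's own lines, the only findings are the three children that declare no sandbox (the network service, the two identity_helper instances, and the second GPU process with `--disable-gpu-sandbox`), all of which are Edge binaries; the synthetic `helper.exe` is the only image the path check rejects.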
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | 105.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.177.190.20.in-addr.arpa | udp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 8.8.8.8:53 | 85.65.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.11.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 8.8.8.8:53 | 2.73.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.77.0.192.in-addr.arpa | udp |
| NL | 23.62.61.106:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
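Most rows in the table above are not the sample's doing: the `*.in-addr.arpa` queries are the sandbox resolving the IPs it saw, 224.0.0.251:5353 is link-local mDNS, and 8.8.8.8:53 is only name resolution. What is left is a handful of hosts the page caused Edge to fetch, several of them over plain HTTP. The script below is an added triage example, not code from the report or the sandbox vendor: it parses a subset of the rows above, drops that noise, and summarizes each contacted domain by IPs, ports, protocols and connection count, in order of first contact. `BROWSER_BASELINE` (here only www.bing.com, as Edge's own background traffic in this image) is an assumption of the example, not a finding of the report.

```python
from collections import OrderedDict

# Added example; not code from the report. NETWORK_ROWS is a subset of the
# Network table copied from this report (mDNS row given in four-column form).
NETWORK_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | 105.83.221.88.in-addr.arpa | udp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| NL | 23.62.61.106:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
"""

RESOLVER = "8.8.8.8:53"  # the sandbox's DNS server, as seen in the table
# Assumption of this example, not a finding of the report: hosts an idle Edge
# profile reaches on its own in this image, so they say nothing about the page.
BROWSER_BASELINE = {"www.bing.com"}


def parse_rows(text):
    """Turn the report's markdown rows into dicts; skips the header and malformed lines."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        rows.append(dict(zip(("country", "dest", "domain", "proto"), cells)))
    return rows


def is_noise(row):
    """Traffic the sandbox or the browser generates regardless of the sample."""
    return (row["domain"].endswith(".in-addr.arpa")    # sandbox reverse-DNS of IPs it saw
            or row["dest"].startswith("224.0.0.251:")  # link-local mDNS
            or row["domain"] in BROWSER_BASELINE)


def triage(text):
    """Per-domain summary of actual connections (DNS excluded), in order of first contact."""
    contacts = OrderedDict()
    for row in parse_rows(text):
        if is_noise(row) or row["dest"] == RESOLVER:
            continue
        ip, _, port = row["dest"].rpartition(":")
        e = contacts.setdefault(row["domain"],
                                {"ips": set(), "ports": set(), "protos": set(), "connections": 0})
        e["ips"].add(ip)
        e["ports"].add(int(port))
        e["protos"].add(row["proto"])
        e["connections"] += 1
    return contacts


def cleartext_hosts(contacts):
    """Hosts reached on port 80: traffic without TLS, observable and alterable in transit."""
    return sorted(d for d, e in contacts.items() if 80 in e["ports"])


def resolved_only(text, contacts):
    """Names looked up but never connected to (often a blocked, sinkholed or dead host)."""
    looked_up = {r["domain"] for r in parse_rows(text) if r["dest"] == RESOLVER and not is_noise(r)}
    return looked_up - set(contacts)


def first_contact(contacts):
    """The first domain with a real connection: normally the host the page itself lives on."""
    return next(iter(contacts), None)


if __name__ == "__main__":
    c = triage(NETWORK_ROWS)
    for domain, e in c.items():
        print(f"{domain:28} {e['connections']:2} conn  ports={sorted(e['ports'])}  ips={sorted(e['ips'])}")
    print("cleartext:", cleartext_hosts(c))
    print("resolved only:", resolved_only(NETWORK_ROWS, c))
```

On the rows above this yields six contacted domains, with saltworld.net as first contact on both 80 and 443 and four hosts fetched over plain HTTP; every resolved name was also connected to. That is a description of what the page loaded, not a verdict, and it does not change the report's own conclusion that no malicious behavior was detected.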
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
\??\pipe\LOCAL\crashpad_4256_YWUMMDERXWEYGGVZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b9a649d7b4ee5e825e6c2c0e9f062dbb |
| SHA1 | c392052d3c60b750c7e86b98e5b7c8fc1797e622 |
| SHA256 | ebdc441d44f7670472df9b591a02aa9573e1795e12946b65d312d9e35a5561aa |
| SHA512 | 1e84511e2fe22c7e63fa284dc688f57aee0ebf00296a5e5d5cc1d3f97ab5cf88a81041685b81bb6eb3ed7b30d9fe40ea9acfa4cd4c98f0ab8672e314ee301022 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1994868e26e97bd2eba10419a1b23550 |
| SHA1 | 5807a3ea1773e4557e0ab46890f4b6aa0d492f6c |
| SHA256 | 3746f2a98f7c493c57abd9703a185016c95d655d174d971674b8939301425d7e |
| SHA512 | c5869783c5f36aa62ee2aab2c403f26adca58bc5dc3289691b87afc01721c402d64ae84642747dcc7a96a3b49eb807a0d53478c1dcdd44a9a26ecc87836b5fb7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2d367ce3ccded6b7ed6aaac930e19800 |
| SHA1 | e8215cc2c9f75bd357993b9bd3aafa8ff334a338 |
| SHA256 | 9ece4ee61ecf4354757a85f1f42128549be90fb22e8f78d6e204e0ed103c3119 |
| SHA512 | af0ae60373c1ccd93a8950a56fd80eef9802324ac7e69b2d269423904a5066bd8f55a068f0fdb3a3ea4fc80311484a0bac317c43c2c1ec3ccded38c2fe00f6a2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | df45fece55a3f9b7ea72b54a68a69dbb |
| SHA1 | 1066b0f67eeb1d4ea85c3118df709b4d0c864d54 |
| SHA256 | 862729968812ba9a103552a62ed7e630e41cb497c850b291b0ad2ebb323e8451 |
| SHA512 | 4aaf0003064a1ac9c39072d334bb3b34eacb7e21af45b4a440724aab7b41f6a08b7ef6da8a7078b9dee1648997f7df1b2a076da901375445a2e365f4159c033c |