Analysis Overview
SHA256
f39fae1cb9737913f0855ec796dd14a982bc559164df1fe79daf076edcdf7157
Threat Level: No (potentially) malicious behavior was detected
The file a39490b0b12c4970a48c84202aedf23c_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 02:45
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 02:45
Reported
2024-06-13 02:48
Platform
win7-20240220-en
Max time kernel
134s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000081fd45cfb2a63041a28245798d95dbda0000000002000000000010660000000100002000000073187b4e5187d29c8bea040960922af133566f0854921f78e69b52f31258804a000000000e80000000020000200000000d3c63bb785182dae2df3977b1989ce922e2b5e0cc0c78149d718db0d72fc36e20000000fb09d08479f8ca0aff895b78586ba0493337b7edcd92ea419c6d0a8c5b6f2c1140000000e48110644ef9dcf7dff6f760374d2f94b953eba5077653c718e08c8a2ae5dda12e10045f329c239757af06b132acf73a8d5a1e70d0dcd6e886bddabae64cce79 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424408618" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0B6AF781-292F-11EF-A3F8-62949D229D16} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0da24e13bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000081fd45cfb2a63041a28245798d95dbda00000000020000000000106600000001000020000000e1c155779569a7671d20f386930aa455f58d078acec9a2f8e2b95a375a7fdb1f000000000e80000000020000200000006178d0f2d31460a09ea6ece0ff7a67b5342fbe311ea185289f52a3c8437129e0900000004f0af3d0975f7b67a3828d7686afcd513659bf23f1818bbaf162d5905b697d16a3d7de3aa87c7215ef3e5d8de1d268961116a82583f04a682805ad39beac2522ebe60e3e3063362f286d739bc127da1669b523655aca7f8d2f6843c65dc66ab2b8affe5cd96aff8d2a38ede9adb0fb8a5b61bdf3dd4888b5a2f4e05b6f31403c4d90d7f104e167bdfcab683a55b8d1a0400000009eace69866ab13be5cc6920548bce3ba5103aff762982f029a6042a8e3d3e74301d365d003475c6a75e549d5771dba46c37e270d3b657c3303ce73c975bdad6a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2204 wrote to memory of 2116 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2204 wrote to memory of 2116 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2204 wrote to memory of 2116 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2204 wrote to memory of 2116 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a39490b0b12c4970a48c84202aedf23c_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2204 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 216.239.36.178:80 | www.google-analytics.com | tcp |
| US | 216.239.36.178:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\936f26abd759555807b0105d4e610318[1].htm
| MD5 | 4f8e702cc244ec5d4de32740c0ecbd97 |
| SHA1 | 3adb1f02d5b6054de0046e367c1d687b6cdf7aff |
| SHA256 | 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a |
| SHA512 | 21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f |
C:\Users\Admin\AppData\Local\Temp\Cab232.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar247.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | d3049f1a4b143f13261e38abab901109 |
| SHA1 | 1810917619ef7b98f40697c12f35a75575665f8f |
| SHA256 | 69df6863aa24aedecf107a7e2e0353d592c52a5905cc2833d824c2298733e9d6 |
| SHA512 | 6af844057e960d6f4165f297891b676492281fc4abdd7346a220b1972124fabe2a9e0f7b3825c9f67c1ed885262cf6fb994c4dcd607c1981005291a240b6e958 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| MD5 | 8202a1cd02e7d69597995cabbe881a12 |
| SHA1 | 8858d9d934b7aa9330ee73de6c476acf19929ff6 |
| SHA256 | 58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5 |
| SHA512 | 97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar341.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 24c765902c2e2ef82cf7a0847eae04ab |
| SHA1 | e9e11ff9f7a71498e1c877c643f63137e728dbc6 |
| SHA256 | 53a241b0ab020e415630b1e700fe4f23d74def06d6cc93a4b2cbe3566b0c1a6b |
| SHA512 | 8f22303f0de5146db4237fa638ec84ca7c437d1ba664fc1977eb8ebbd3811172e6a77616d7d8db3f474085a718b792a65e5d039e3586043896ca0946a10ecf04 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fcf6c19e889151a2330ad2de492ee7d1 |
| SHA1 | ad1a6d67fb495d480de88e9eb4d19a26cc178be7 |
| SHA256 | 36cb143fb9374a4d274a35a17d3e0057c18a96dde3fe35b095f26cedea6e0dab |
| SHA512 | d7a89b49f5617a0270d843b2e5250170b2577bbdd934e80a7787260ae8dd3c2a77a4eae0aae5cef94ae59c0f20fdb53d5999fa4ca30b4e5f48320aff32335e8d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
| MD5 | 2c7ecdbbb063ea5981f2aabe7fcf9ac2 |
| SHA1 | 5c92e25fa96ac7eb2d432563ce62be6a11dbd232 |
| SHA256 | a6420b0e8db153c246988af7382bb94364fe491631d88ca68f800e83750489c4 |
| SHA512 | 8d7258ae557ce5f5fb98fa4da2f55036df3ebe308392f656a1bc21cf09f0d335ada0b44503fb523b16e8067bc7803f7e20e5e05bdfcc9b4ef970e763975b8c93 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
| MD5 | ffceafa8103c064fd354540990869cac |
| SHA1 | 366e855c02990e4fb8b74c9643426e692e6b627a |
| SHA256 | f25ffb9318e841564d4ee64fa45429f9bfc020b479080a7d328f3a7532fb9721 |
| SHA512 | f276c0e42712c3aa014de02e5d28020a2d037606881a04844d4d0301c534df2c6afb168d09f8e1d0212aea365e9d8abd8f6469053ed070a16004e7b3edec1aab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
| MD5 | 5fbbd11da1447361d95430e07018c9c3 |
| SHA1 | 23934454aa9c6076fe25696a8223c63ff258f496 |
| SHA256 | 9018fa7df4d8c5ac5f77c69f1a33e696bbc91e2d44a64d3b81274c510242b2ff |
| SHA512 | c3d1b0ed8493b07dbb496c8369c34011c9cd46c8020f9a693aa807baa5e375a09c0d633f14f05212d2e6ac7c4802e69bc13c186eb95086e0220a26a5523f4b7f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 62d5f371951df73daec876491c5d309c |
| SHA1 | db1dc9491f0e8653460cea26416de35cb213102d |
| SHA256 | 8f479da8077295135dd926da75be64747d56c1edff7046d51c145752aba0f647 |
| SHA512 | fc7a19b4d81df84a0df0badae024e6a99aec6f5d3c5fed8341d49e6e91eac4b2ebe52fe4b29399251f6585d2c19a0fef00228e5f2eeecd6a972a8ce633e393ca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 37c7c85073d1b99b8453a441ed957b09 |
| SHA1 | f295a7c40a766444c6f5e56e0ef845d5d83889ca |
| SHA256 | 8299eecd53b123c652ce10f477aa786ca54da9906cf3069134d68cf5fe09f5d5 |
| SHA512 | f5185878159909300467e90505354038410fb8a7bc1d39d5dd6294762e4d7730a62d345c8cecf684b5fa7b3334231c06cba10928e2937d0bafb4a7258fac4890 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e3e8ccef0cb17061d780cfaaf506094 |
| SHA1 | 6a8a5bd339eb9b25167916fa199b39318303d02b |
| SHA256 | 088f350518bb1a8f5cc4286cc8896c3b8f5f2b3f9a3e69302c464aa14686b563 |
| SHA512 | 4dfa088a5b59ead0e9c38aff2e829e402995ff71dbae5e691b72043a812f3890aeca7b3bde3bd98cc6b971a38102ffe499566ebc8a752aa57075c69fe32e1426 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e3c5046bc349737279fe89644ec9bd0e |
| SHA1 | cfa09c4e29f0d3cd0afb8679608d120fb9c84cdd |
| SHA256 | 6402ba2c1e3f7922314222ee17478a60375b7d8b076a77768111c046b0501350 |
| SHA512 | 05ab8f8ae6198d738bd0331d46e383c6eaeab4484644bd1e7ed3e7ca08c769be51ed289f1e486f069ae486789eae196f480674a00f09011088474abceea97343 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ea8c33cdf2a993cbe59cd62251950ace |
| SHA1 | 13adcdc911a7896e6c57290928f61282ea81369b |
| SHA256 | 41813fa8d2093e0372af901b1fb62907a9aeb4ed3b38b99adce05eadb603090e |
| SHA512 | 0108f37a8ba37791b82c5a860e3d5202227ec0fa85b08631c43bfccac1e4586451c7d98fb6f2339c86829f585cc74ff893c73dae420d100aba601f12739cec0c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1166f3c62a6ddbd7ca3a8ca4c92b4f3e |
| SHA1 | 50f71d69a3914c86080f690c195174e81f0fb992 |
| SHA256 | dcd315dee0647bb88d5ef7e863f48a09697a3f7d1fa69f9c77a828981bb85886 |
| SHA512 | 08e249abf51de87aefaa1fa39cd19b87b616410210cb890e8ee1260c67df2e339a70cec8a04236500bf807a7c200ce27698f35b41aeeaf738be7539372a67cfc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 504c8dddf72bae9b49a62951c2adff6b |
| SHA1 | c30cc21ae913565d8d832db87dd79303128fc2a9 |
| SHA256 | b8a921c09652ac92706c8570210d2532dda260fb20151b3fa8fe7e8951d12f72 |
| SHA512 | 88253653310f6285f55b0f6dd88a8cb7f84d12f59b26c776de2c32ad2f431b17747da76107e4aff7fdd9b80c76ec7aa2291093823e8c77ad350ce27cb3886768 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f1d5472e6321c2aea284f6543ad46937 |
| SHA1 | 3ca079cfcbf3557d7e44e28d1c897623fb8b9d07 |
| SHA256 | 16d8d2ce90dd247f877e2dfd970e498b609c38ecb40d2d92b60f570def430979 |
| SHA512 | 89d8454d3ddafda801e4484964f652db0eb1bec480efea64db527c302123e9ff31ad283b0a5f36858113cf6f7b79e7b5a74a092d86e1244d2d6d8abcd17a4d67 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 39ddc71c0070237671e83780267d8516 |
| SHA1 | f6f88dd52b48913bd4561aeb8f422611467928f8 |
| SHA256 | d50a2011f5ec8dc589fbaed70fa7c124a543e75ad142ea64718e4405e194912a |
| SHA512 | 29340bd19560604f27c87f82f2db60ee07a0fe7b1f0690fc4052f5292c768cb7e31907f3d9924b8b285409d1ec86a2bbd9b7a9f90c84aaf5f577aec31edbeeb8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c8e5dc789ede7fc7429eccb97fa3854 |
| SHA1 | b046d54c30fc514218ca8c43c05639875e8114c8 |
| SHA256 | 0a5c2682701b9a7c453d913d76b438b241170cd8b7295e3ecafbd9111c9f8ca5 |
| SHA512 | 8eec2539f6d417da7771f7ff21055f5d813658db980ba81a3b3ba97c187c3c642d287582314c201205ec63723f770ccf4f49c52f936bae00c11f836a5cf2f4f0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1e7b6aa3d4c5dd7b97360e627d7ca307 |
| SHA1 | 34ac640a7aafe808f3f4a70829851073e20eff2e |
| SHA256 | 90c8634938c77fd3eb777b5273caa3614763d3a1b5dbf26a2e5fa53893c492e7 |
| SHA512 | 4ab4aad5385d3c099b35c13f962175bb7a8ae863725689639871e4fa8d9bd222c9201cca3aa2b5466027e75835f550d17d213f3697dbdd06e71b38f75aa4e225 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 82d1316666d5e052d6114d2600c972f9 |
| SHA1 | 4da9f672c5df7a37db0d3c555b2ed15a8d14d792 |
| SHA256 | 1f95e11eb6895fba79aa94fa83081a0e9b6f1e6877e1f6e2556be992367bc958 |
| SHA512 | 50b99aeda469898a903d9cb77926c193c0e94794ecbc4cb12d5121a88fc32396c4c030f47a69a737c9191482abd417ff46622d353bedbdf88c23a10f6ea6b8cf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 23f8e6d57d002ae6a78c70581efec326 |
| SHA1 | 4e8032f58a0209d0851b55c3b9fb44a6656739be |
| SHA256 | 607ed48b3ba6d71d4d0b3506da430577e66ba3803e6c5672ff5fc0c679fdbe57 |
| SHA512 | 872383e674cce917956f041ef00e52c685da60427195a215e573e79e094008724d96d98ec1997f3360dad4137e0e911c9914dfb868a5760e620b78f2c34f9b2f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 26c5696fad6d1967de042fac8767053a |
| SHA1 | 830f8ae3bf31206ce9bb58a0c668fe20f5015249 |
| SHA256 | a7d54136d63941dcd899172cbb5d0c6bfb3157adfbeabf73f56d046882dbb416 |
| SHA512 | 728c9e5d5bcb30cc879617a77152e6805f4955e3a53945bde7d4787e81b9ea4886b3338bcace04101d75d6f9ffea27762baab9ab7cc4c43bc218fd4886ba1682 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5469282689fbd21216f043eb791468e7 |
| SHA1 | f8e7c577de5cac4887cec50b796fb56329a47cff |
| SHA256 | ecaa4b1c48f1f08c4eeaf348b5213dfe5104ea3fff557c6f44c61b226026a21a |
| SHA512 | 68284b8d36f106afa59decb2ef5e4d2bbe5b8bf2ac1bc8fb755e974863e7b23faa8f9e883000e8625f4eec3aba68e66767f4352e9e3f73c759ad947e14c9a139 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b0a8ea455adc95a3b3d4bcf29291cacb |
| SHA1 | eadf60dccb28e654a9aeed4f84ac8c4b054b15d6 |
| SHA256 | bdb1aa3d4964f5da3b66d043bd609266feaa9a5f9589c63f83a487e2da39895d |
| SHA512 | bfacbbff287e05f68589f1b68bcae3b8ad9cc7db33eea60437839e12b9da97f50630a10fbb3c9c54cf53c27e34a305fba0688c355365796c9a5edb31fcdf8f1b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e2b077538b06210f62fe11becb898261 |
| SHA1 | 62e0dd5ede85338a150bf8d51ef5e120b3e5ebaa |
| SHA256 | 26553f427f4d41e165b132ac883084516b22fbf3ad9268bfdfdcc077f96148eb |
| SHA512 | b7be3d79f582f116744148c61029a800a85e03879867d30ba6e01bb48e5e64643ff76ec0155429066c30a867cb10c7c102eb09271d6bc3af5615d13d38f82b97 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 88e8b3319fb14377e9c5903da6bc0acc |
| SHA1 | 8ed10899c9d1a7a7071a8e969cd5fdc6320d26d0 |
| SHA256 | ea471214b42f893b510790b36aed6d29d3f795b4d9da7a3e8cf2fbe61993d689 |
| SHA512 | 29d82d3cc8d6f0c2f74d52de385f9fb106f5e6a3c0ee673c67183513b00959a5df3d3a9ccd14f4ace805fe36eec7351be5a2fcb623b8f3448846043cbe1f8cd3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 89f2b5d3520349171937188c727eb19a |
| SHA1 | 30bc8d94e6d88c3f6f581265e17f63ddce26dfd0 |
| SHA256 | 86da5c6550bd4031ddde77d6571d42bd7d86ebb6928cd29e6d63f91a117871e8 |
| SHA512 | c39b4391eaf303faa66c5db7a7acab2e2716fc91bc778e7b07ff10900b4c95510a0b912ea75c7b1d2d1eb814cf4fae9ea56f7aca628536e355da244190cfc7bf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f75fcd7fa040f6a39114477d58df844b |
| SHA1 | df43fc28983332500bf396ba108f1768d9343dfa |
| SHA256 | bf9e780935f408a6c4c153d33f1a54bdb4f79cb91917f2e6421621bac60a8f00 |
| SHA512 | 85ca5f387e89117908683f731d21617f53a6cc09759406a2115862e2eacb76048cbe358d827e5695d211bec351d38a45b3ef930bfcb50141d648cbf57e00dc2c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 31c76eddd5d9dbb5fb66342f201b2f85 |
| SHA1 | 2d470665a8f613b8c6836a15fb20b4da7257782f |
| SHA256 | 87e7afc48b1f709802026be72af699fcd4d81e46d6c11bcbee129fcdcdda1816 |
| SHA512 | 23bab74415494b44ec3c92c4d2261676b0286d50e6380484807bdb34e6571262be0380225971aacfc50e8451c72aac89f5016bbb20464d9e9dd000b6c43a04ec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb462ce52073deff3e5a7264c0a2af8e |
| SHA1 | 45636256cb4bb61a44af949fb9472edcbf7e8005 |
| SHA256 | 345202babac97c82e0c8904159746207c51dbc3bceb6578214049006123ec4ea |
| SHA512 | d97e6e5eb84e2ae3e720f7e802e23d5c78299c9c8c697928e16e7bf7027de02f9ccaefcb6d4c97eac9f02300d16474bae4c59e4a76b8a8f2f5419a6564103053 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 02:45
Reported
2024-06-13 02:48
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a39490b0b12c4970a48c84202aedf23c_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd092d46f8,0x7ffd092d4708,0x7ffd092d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,2411496847472116286,2137968052703854270,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,2411496847472116286,2137968052703854270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,2411496847472116286,2137968052703854270,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,2411496847472116286,2137968052703854270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,2411496847472116286,2137968052703854270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,2411496847472116286,2137968052703854270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4484 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,2411496847472116286,2137968052703854270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4484 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,2411496847472116286,2137968052703854270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,2411496847472116286,2137968052703854270,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,2411496847472116286,2137968052703854270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,2411496847472116286,2137968052703854270,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,2411496847472116286,2137968052703854270,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4312 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 87f7abeb82600e1e640b843ad50fe0a1 |
| SHA1 | 045bbada3f23fc59941bf7d0210fb160cb78ae87 |
| SHA256 | b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262 |
| SHA512 | ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618 |
\??\pipe\LOCAL\crashpad_2560_AZKWHNHMBGNLTLLE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f61fa5143fe872d1d8f1e9f8dc6544f9 |
| SHA1 | df44bab94d7388fb38c63085ec4db80cfc5eb009 |
| SHA256 | 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64 |
| SHA512 | 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e0f818b69e4eb48ea2ff09bff70c3750 |
| SHA1 | b669bf0236713ea005603d62fcc200b049a776bb |
| SHA256 | a02e98d05dfe3d08549f19e8dccb08827b7d3f5271a03b34c4e0ad52a6da2d07 |
| SHA512 | 0f54e750f15c799363ec73744dbbe33e99b1072d265a279306a9833e6bdf5e42b62eaaef5db4cf12677ab6a6ca756d7cc0f81f997528cbd703c601b8d0047875 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 80f2e3ca7fb1fe9127554efc690e0742 |
| SHA1 | 4746cccc86071499096f39dc7d8d8cbae01557b2 |
| SHA256 | 550a14d3ef125e244216ebe95319c5d2592d1ad73cbdf0e141572ac637f6ab29 |
| SHA512 | 1c7332e1fd1130eeacfffa9c4c06812ecad410d5a6a41f3504775c967b97045d13db18c48b109119d2fed4f63d78fde867c5c5677bfe011befd95aae72259e39 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9fe8baeb245298e3d0f00676c2f25c67 |
| SHA1 | 4c672420abf525ce9ceb8cbe55fd04b209db8148 |
| SHA256 | 5dc4bc118a99fb8a6040c24d7811ae185e62334830c549d8bea6a1e8c4b2248b |
| SHA512 | 9fc62396eeec0d948025f9a23ce41fd45b215b044fe8d63957c2640469b2481842db1b274c3ecf95d5848dc62114b401466fe113ae692b1c29b40f463d0d4220 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |