Analysis Overview
SHA256
3d26f2168ad1d5b9ee3c5cda2f624602f9ca7611cb23654d7cb02f9db2d93535
Threat Level: No (potentially) malicious behavior was detected
The file a4807d42e65dfc62bd3e4bea39ce0b05_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 07:51
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 07:51
Reported
2024-06-13 07:53
Platform
win7-20240611-en
Max time kernel
134s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426935" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B12BCA81-2959-11EF-8132-FE0070C7CB2B} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000bd10dbe288f9f605b16a0163c003c6bd79258a8d700a0005e6725d252b165e22000000000e80000000020000200000006c5120af8a7864a77df0a584a707794a01d8a265c10826ca17169bb43854e19820000000bf44e3ee83a8767c2a0956acc4643025b5ff9011ba1ca1b1761349eb1f5a0752400000004c5b737446a3d826278044d07fbc85d5405c3634afe9ab30d5beb5d4815216e0e07daacde8262a7ccd71b74808de03929abc1ad2f04f6fcb19ea34fb23952101 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9022ac8766bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000894eab85d861cf566825e35b5ba97565e3b2b0e1872f35d36707a8b34f5167ee000000000e800000000200002000000051708a298a0441bfe7aaec7e00ff52bbe1da25c6e573df310b0061cc10fc88aa900000003db0c0e9e971fd0b856c17ce7e1ab6ad7dc06554403d945aed86f408186ccd3e49f21b549c682f1222e38cdaaae794bcbb5f9d851c67c00301a937c89a15d8cec7369d8c978c12a7b9b4952b3008cca899f7219e8be5c2fd0218c0b8dc71bea34b852d3d876433275ccd53b47ce6e37f92d94e0a74d0bee81d04c15aba8ba5b5585f343b7e174c27947a918f745d3d4040000000cd9d2379ba445d0848850181ca0d8c97cde60273d9214df483b607acc9db3e8b1fa4ccf0409fdd4d8f48c3b86ee61ec4b7d93c054f91f69a9aaba1f6c205d96e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1696 wrote to memory of 2808 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1696 wrote to memory of 2808 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1696 wrote to memory of 2808 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1696 wrote to memory of 2808 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4807d42e65dfc62bd3e4bea39ce0b05_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1696 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DODQ7AEY\b71d23686a2b9fd830dc8796151752bd[1].htm
| MD5 | 4f8e702cc244ec5d4de32740c0ecbd97 |
| SHA1 | 3adb1f02d5b6054de0046e367c1d687b6cdf7aff |
| SHA256 | 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a |
| SHA512 | 21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f |
C:\Users\Admin\AppData\Local\Temp\Cab2FC9.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2FCC.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | cb85f3fcf86ef0de7ef258539cae87de |
| SHA1 | c73288fff07885a62f8c7033b348863ed3b8cad1 |
| SHA256 | 7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f |
| SHA512 | dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 9e831e70a969cebe0357d26fde516931 |
| SHA1 | faf929ef722db53d404d7bfd86fff8f0f273a7f7 |
| SHA256 | c29ba1ca7924ef62a3cb8c4971973e336865bb9499c76188cea49ca766b3c954 |
| SHA512 | 20f9ed7b33799b79355cc128c8933d31edb72791c6704af1ee20fdac0bb135beeeef347297015640559e85ac21b4255a09929523f4a8c5ae8ec177d4b7d05398 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| MD5 | 2e981e32f049c4312b101ab0e880f1fe |
| SHA1 | 27f2ec68102ce9ecd86ddd7aa9d4dc81e8e6c621 |
| SHA256 | 4758b5ef2afa12afef9ecf08766ff7811ea0cbfbede5e1ae636d1e29a5810694 |
| SHA512 | 9b13c7fba03a1088436f7043c728e86981229893a6dacd914c534eb1bf9a5c1bfd42f65e23a359b8cc48bc2020d92278f2e22e99dbef0c7f4120b6de80f95258 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 92b5c48cc6edf09a5d0e8a5aaefb7901 |
| SHA1 | 590e9a233d8b582f6d257a7dcf79824f6a77d5e3 |
| SHA256 | 283675411fb042e5db6dbd67fcd164c06816794edad5db4f60873c65ff96eae9 |
| SHA512 | f53eea39e5d751e97290e7742bd745536a6fdee4bd2202854cf41e1d350169942f2913a738f140748393c4e6ee3524363be9988c5fcd0ae1b16a2c7c6a6b3b05 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| MD5 | 8202a1cd02e7d69597995cabbe881a12 |
| SHA1 | 8858d9d934b7aa9330ee73de6c476acf19929ff6 |
| SHA256 | 58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5 |
| SHA512 | 97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1f889ed8be1e1bdc065548d675b235c7 |
| SHA1 | 485c6c12b1d28d8cf23f02965edd49f3358b636b |
| SHA256 | 394bf7608e579b9a6deb935f3f3ec0d5652f81acc2c0c3b04fa170aeee10b6be |
| SHA512 | 6fc414ea807ff11fb64d2df89772c8ea7106eec8ab0b1ab6838a47ab8eec741cefe706e79398673cf07a65d6d63a083868e1d6f157fa5d79ccef55417445f90b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
| MD5 | 49386cfff073d9201b384f82e492d1a3 |
| SHA1 | 43d9ba2708fead92123d6eb7b0c0a1ec97bfb8ae |
| SHA256 | 2d4533696fe6bd4b1432434752d49bcecf10fa6482846896c6aa4af7268cf21e |
| SHA512 | b777bf414b5b52616f9626bcdeffd5e28a15dcf61b120ef7460763137a82c1cc882a3433f88260c4b76a9ce4e95b933d4aec2995ddab7c741b23dd0c655dd4fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
| MD5 | 2c7ecdbbb063ea5981f2aabe7fcf9ac2 |
| SHA1 | 5c92e25fa96ac7eb2d432563ce62be6a11dbd232 |
| SHA256 | a6420b0e8db153c246988af7382bb94364fe491631d88ca68f800e83750489c4 |
| SHA512 | 8d7258ae557ce5f5fb98fa4da2f55036df3ebe308392f656a1bc21cf09f0d335ada0b44503fb523b16e8067bc7803f7e20e5e05bdfcc9b4ef970e763975b8c93 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
| MD5 | af666a30f1683b68c794872baed54d62 |
| SHA1 | 3d19971edc52115e4b991f0e8c9a666dd7b8f947 |
| SHA256 | f27f3d9f90cea9551799b91b8b50779f6ccdba621e89ad6035b46ccbdb812eeb |
| SHA512 | ad1eba6aeaf673da43624809c67103042a520ebd1cb71398e13786ee43ad82e90b93fe1ca9fd106208a876e69d17c02e9b38336be07fc4950d7b06bad1c7dbda |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
| MD5 | 5fbbd11da1447361d95430e07018c9c3 |
| SHA1 | 23934454aa9c6076fe25696a8223c63ff258f496 |
| SHA256 | 9018fa7df4d8c5ac5f77c69f1a33e696bbc91e2d44a64d3b81274c510242b2ff |
| SHA512 | c3d1b0ed8493b07dbb496c8369c34011c9cd46c8020f9a693aa807baa5e375a09c0d633f14f05212d2e6ac7c4802e69bc13c186eb95086e0220a26a5523f4b7f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0a1280d0aee2f7c06ac2d87cf7fb4323 |
| SHA1 | 978e90419ebd89657e1030ec99164858901f1114 |
| SHA256 | 38f6b58d39f14bf7be8f40b65afdfe92115ff7273d4a9a98349f42728406b87d |
| SHA512 | f368fa83866007f8978fa19901c0770f4907144dc94189b6028e34200d95dde26ec0329c99e7a546934db32ccb6fe19de69a3c9445dd068940dd10d11f90c163 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f1bebe8beee380bcc9828573715a8f4c |
| SHA1 | 2609f79bf5d547e79cf1ac1c10525d9769af0660 |
| SHA256 | 25c666339ad56a5ad0d52d84d3c17ffd678c8ecea263deabbb7796aecaf4d132 |
| SHA512 | 415902b3ae9bfd0bd9e1a4c47444a33756d29958c873a81b9a9bd3a2a646e3d5e908b48d45e469f2daf5eb79cbd40cb404211730bc6bda26485d2f7f2fc6d9fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5e0e41cf05f64ee8e8e1206ba727e58b |
| SHA1 | ae0f586926c82eee16a2629e69fa87b225e4a9ec |
| SHA256 | ee3bfdf023c6199bcaea44fc2e7a5f41e0b5d5a454a0f6597b7f0fbaf24e6ebc |
| SHA512 | 949b22c5be03c8ea6d8d4ff28f84130d627cce1190eb60c476f41bb3f8e5749533f667e061856c056959ff0c8263bb7492f404b9f7843645e13ecae054011af1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 60b373c6db274cf98c0629db6f50e55b |
| SHA1 | 4d2b9110f4df300770ee9592fb7bb28793919134 |
| SHA256 | caecf08b54e7a8dd0c7d4a2f4a4a96f668a70ef59feeb770b11aebce37cccea3 |
| SHA512 | 22d5803a02b16e85f0cd1390cbcaa1347bcb8f71800fdd17051d21e3d4d6c691862088c041aaba556dd44040a64cbce4f9c5fc8dea3aaf379f1f8168a4345b52 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d67557e29813a81e3889b068fae9f473 |
| SHA1 | 94d3d9a63ee4cc6a662c5b92b19b564623034ccc |
| SHA256 | 844addea345d4e35cb6ff528c7879a77524b3e9d858e88633c02b097cc2ffbdb |
| SHA512 | 05ce7ae745dd69e1b968f422f09bff9a14365110e467153a61e6ba6dca73632939d909f6520569e7dcf9840b173fa7ff0a651b68969baf2b847c0334d52b9f50 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9805c6e2954d1e27a4f65391b07dca48 |
| SHA1 | c90f13439ef42690a06bad37a229a328352b7876 |
| SHA256 | d940bdfc599b32c9c69743d9070b5c2a000c2cc57f1d2a8bd1ee7b093c946579 |
| SHA512 | cde512829dcaf9dc43671ef0ca998cd3c668899a082805dd019c54a0bded56ea2ce1891948ab271b8ac7eefdac3eec9e636c56690a3d3857571f4d2740c77c62 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 04342812d54cfbc9691fa68d95161deb |
| SHA1 | 594a51edd861d59df3459a6fd54c01fe4d9c1e41 |
| SHA256 | 5a17a50bf3312b4ece6f4c943f034597d130ecf608cde4e2f6808e22ffff6b11 |
| SHA512 | b9003f3291a7fdfe2a9b7b451322e27d237583f9360a1cbdef1ce74a6e093b5feed2fd54f9378a8f2c1739ee62cc4e7584ae488042d1fdf272aa0048b2ffe1a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 22adbff058222ab4e6fdd50b93b2ceb1 |
| SHA1 | 7774698717ea00f63833a9c4e6220d94c5d4b3b0 |
| SHA256 | 259ed22a85eb83a294fd1d5186d2f9392dc500af89155523986b6c526e53b56a |
| SHA512 | 9cfabb68578ac71fdd43084037cdefd6f2eac007d9421caddc49fe86bf6385e6fb9fa1785aab03d1285712f6beccf90ce81ac1acef29921a33ef8395b442b87d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0927606302f07ae175ade33d090175e2 |
| SHA1 | 749a4db5fe150c48df69df12ef96d6dfde4acb0e |
| SHA256 | f50fe8802c7625fd04900526dd16feaea4c515b3f8bf200e4c203126f1b248b6 |
| SHA512 | 116ac5864e2b060516a6514616b087b8a3d5aa7bc637bffe111a4376a0b95fd81059f6116b2e0114aaebe51430840e0b7ea2ea09e226a5a7db6c17c8aaadb036 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3bedc31240c87b28f11b0cf5714db47d |
| SHA1 | f00e47f7338fdb8c9166115e7c96ac3e6f16c0e8 |
| SHA256 | 813089a8a135f13908e2c938e5f96faf252990b67da92b3976524bbfe096ed3e |
| SHA512 | 92dbdc97dea84f50ecbe58372d40a681dda6e499e5172c2bdfe256bc818f7ce92a6a7eb9a2e9da137b9762dda0c259c228cc2d30f0768efd2629ef8a2d841ce0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 401e081f0d171790cfa65a360e003adc |
| SHA1 | f6ed4da7bb02d60d58acade03e765c94083a0b38 |
| SHA256 | 5ac6d9772058c3b9bff30cf567c7a07ce103342a92df29d0698d5a6ec2583580 |
| SHA512 | c45587db73193282ac30b3180e908783b59bb24d1af98f018a0e16796a8c56923608a20d4e4ce284b4def618937d00f3701fe94a6085cd5bbe7b8fbb76b0b2a1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c82869ee7ed50eb29115428a39ca64e3 |
| SHA1 | ef93123e9dfc4f8800ea0a7bdf064c282db003f1 |
| SHA256 | 51c364ccf7fd38ffb6e2fb19482aa3e95fce387246c01dfb58bc4314ded5ce6d |
| SHA512 | a0ba69a2c732ec3a56e4a49c20d07061b07aba1a8066fe245cad1e0882a03284df2f2d688a22d1c047a201eb969342988e29cc7833e39d77af74de965c92d328 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e67181e99a033571c476a234ffdc1fc7 |
| SHA1 | 78e56379cc725739c991307ade5476ca8de09323 |
| SHA256 | 43b1855aefc7108ddbbf4a60e7759e3fd27b00a7031cb94d0d7432dcddfda34d |
| SHA512 | 48347cdded35e4de024a178ae08511ff7348014ecae75284b0d2d44d30af46718d1f1397917a3577e4ff588472e1715986d82b670bed1982a4ce88dd09879924 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 26833ce5dcfe7156feaf2de758b3caac |
| SHA1 | f1ce20d28e9f416ac71da80a3d2b9bd85c890fed |
| SHA256 | 0c4abe7c2e4b5112c965a36c1120b102467c5ff363a59608d0eed5afd820d4a9 |
| SHA512 | 143a72aca4462a2aa90799c5ca43bf1e2354d29eda7fe3ccc6e63cd6794dd22b2d87f8862fc3f8fccb5792a11f9168d6121d97f0497eb7fb3b0af69e92a85eb3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 06f01f580b11a93b5ad577b9d919ef1b |
| SHA1 | cca60aedebae02e59d72dab07d980a98bdc4f362 |
| SHA256 | 39d05264558449313ddd3af5f64171acb388cf7f43b64e31409e4cd3d3803421 |
| SHA512 | a6c967c58d5128920e7d36fe6401e5c974801ae00538ec6a8322088c5078bfd631cd8b9de4535952e8b09284872e3e785c373eac252e923deff3a21e1d9faff2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 27f157aac0dcd9c41c97d73c71ecd7af |
| SHA1 | c8e9f0ea54d14432930c0ef249e0ad7a51e92061 |
| SHA256 | f45342fb50d1f3c8eed20ee19a0c6aa43fb37b3d336a6a23c3f3d747b33ba4d9 |
| SHA512 | 6f8409dcbd82eef5330ff684044128cc05bad404734c67976afe8693349f527b65d93682b7442e8dc984f4e4c6aa991e5489dc5f02e1f98652eb3b5168192977 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4a540b815d00f80d5711941aae61f9f8 |
| SHA1 | 34b8b27c610956d0fe890118683d6dc888c8d157 |
| SHA256 | 5e000a94354003e02b548942f08974dadf7259411a298bbaf7fd2a32b5c987fd |
| SHA512 | 920ba5001df96aceae76fae7f38b6b1e691082f69dde351149129dd0bc5831cc6c33a8d11575cb338b86ba0c079eed9059fd3ca822b385f4f971d77ab7aec075 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fdacd69f032f430c32613fb8e4604d54 |
| SHA1 | 9631266eac62c4a3cc68c0fb797ae29889c51abb |
| SHA256 | 5e23a8a3109cb8ebed071ba174add2297082650f8987cf2fa4b3bc12ac76142d |
| SHA512 | 61fa49293f00aefa0383f1ebd0478858f20fc4d682f199a4e956e05b789de4364689cbda42af7eda24bd6b76b5bd4a055e6edcafebff460490a87bc9e3932c68 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3f1224f938976b96b829e152ffca98e3 |
| SHA1 | 4c9d499c9a77b84f5e54100bc05d3bf07cea192d |
| SHA256 | 553dbf7b2492b015e7c0beb0f90e76935c40042f6181fe464e5c4e0a70d077c2 |
| SHA512 | 4e50977c783e9bc79fec68b249bb18d5bc82fe14dd1efdbb73ed7bf964e1b59ae5c6b602c6efb9447bee54d97ab13bc33abb2e30be8a8f0ca344e1a3bfe47740 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 124b72360875dba89bea008ffdb89b1c |
| SHA1 | 188353ce91e8a83b4562f3e12601689283622d40 |
| SHA256 | 274f60ef7de382ddf081927040fa5452428ad942318f97ca786591174082992e |
| SHA512 | 82eb730f2723be3549af9448dd4956114d45eb04b4f99d9dd8f0fbaecee43b4a76925af10d0beb3180456671387f49b851df881b158d77550ae5b23b70b278f2 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 07:51
Reported
2024-06-13 07:53
Platform
win10v2004-20240611-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4807d42e65dfc62bd3e4bea39ce0b05_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97ed846f8,0x7ff97ed84708,0x7ff97ed84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,6949498150169257025,5596928469396562725,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,6949498150169257025,5596928469396562725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,6949498150169257025,5596928469396562725,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6949498150169257025,5596928469396562725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6949498150169257025,5596928469396562725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,6949498150169257025,5596928469396562725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,6949498150169257025,5596928469396562725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6949498150169257025,5596928469396562725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6949498150169257025,5596928469396562725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6949498150169257025,5596928469396562725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6949498150169257025,5596928469396562725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,6949498150169257025,5596928469396562725,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5468 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 131.253.33.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 97.166.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.160.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.33.253.131.in-addr.arpa | udp |
| BE | 88.221.83.249:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 249.83.221.88.in-addr.arpa | udp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.73.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 8.8.8.8:53 | 2.77.0.192.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56067634f68231081c4bd5bdbfcc202f |
| SHA1 | 5582776da6ffc75bb0973840fc3d15598bc09eb1 |
| SHA256 | 8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4 |
| SHA512 | c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784 |
\??\pipe\LOCAL\crashpad_4940_VYESMYANSKXCJJEN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 81e892ca5c5683efdf9135fe0f2adb15 |
| SHA1 | 39159b30226d98a465ece1da28dc87088b20ecad |
| SHA256 | 830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17 |
| SHA512 | c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7d45f05ca68af41b4cb4d5595b09fe49 |
| SHA1 | 1d2e5c3cae70839241e649caa80c3cce29973e83 |
| SHA256 | 5c3414f023fcf343aaa4199923d34355d89b03868155999f20abb406d7497072 |
| SHA512 | f6806cd9d313c6748dcdab688b82687f9b59c2b926f97bcfba24c76f953442439eaa6579ef0fed7ed9be4a446631a7b5f2d77558da9fc963c93184fc6aa76dd7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 041d02bb6babf41a19caf777fac31233 |
| SHA1 | cd7fbe693ed3aa7fa47771cbee3a1ed290d93292 |
| SHA256 | 0e30f42e6107518392e884aaa55d8983586ee5d500854a3bb5d67d099dc3f140 |
| SHA512 | 86661e257c0463eb0ac57179fde20941554b934638a519b308cbcfe8e375272dddf0b2550563a39a2753c18d1bd95c4417a7dafd2561b5affd9db12354808cd7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 62a6ac5d60a883afdf1ba4b67f718ba4 |
| SHA1 | 35e64caa18cb3ba1ef5ca81d7675a740d718f820 |
| SHA256 | 6539d6c79ac23724eae000da3f94a46943987146a98212e3a90e1ebc10cf5f37 |
| SHA512 | 3816780aaee53d350b28a0d527fae204bb8555385645456f1e4c5d1ba6f1876fff01372d4097c450e5e93f6f4549ee5f6fd1ed918f40f48fdd324b2a47ca0e33 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 991852fec1f83a816915076c01d84a05 |
| SHA1 | 8065aa3eee10fb37fed541946bdd6fc3afea244f |
| SHA256 | ebb85812a3125d60be6bd81d2ab53e7cf713e75bb5043f3c7e690ee4bde81b3c |
| SHA512 | e7238965b156e71db994b2a1896af21c42c9b2f955403df43f366fa06ed29b9d147665d0ee772202114fed02426417c47d04c6576a614b5e00dadf5f289a0f44 |