Analysis Overview
| SHA256 | a231202af6a8646cdbbc8a86720de42873b8ad55ec0a83c15ea3ed6ea61d43cf |
Threat Level: No (potentially) malicious behavior was detected
The file a4ea3dcb17a4ec1c8aa607582ccfa70c_JaffaCakes118 was analysed and no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
| Reported | 2024-06-13 09:45 |
Signatures
Analysis: behavioral1
Detonation Overview
| Submitted | 2024-06-13 09:45 |
| Reported | 2024-06-13 09:48 |
| Platform | win7-20240221-en |
| Max time kernel | 118s |
| Max time network | 128s |
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f092df9176bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BC8F5671-2969-11EF-B0F4-569FD5A164C1} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424433826" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008994908906c67f4e9964e459621324cf0000000002000000000010660000000100002000000077fe502b35b738f566012825a1cc838642833e84f2a52160b2a70c1fa9a4c30b000000000e80000000020000200000004ca7931110c33f951b1b54619f9cee50eebca0e15f3c16fbf538f58d2d8fa65d20000000b43cc0630df0a4a68bfda032cf7717f5614b90a0c23c469eebae0a6157a7a89840000000abb3a43a9ef89681e2287e5efafed70f74ab402d40e30f883f0e9df16e8a1009e99a80007c7bc3a80e820a51d529d7297fa812bd4d31a4d748ae5cb0b9b5e1d3 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2144 wrote to memory of 1672 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2144 wrote to memory of 1672 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2144 wrote to memory of 1672 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2144 wrote to memory of 1672 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4ea3dcb17a4ec1c8aa607582ccfa70c_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2144 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
Files
Analysis: behavioral2
Detonation Overview
| Submitted | 2024-06-13 09:45 |
| Reported | 2024-06-13 09:48 |
| Platform | win10v2004-20240611-en |
| Max time kernel | 145s |
| Max time network | 140s |
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4ea3dcb17a4ec1c8aa607582ccfa70c_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9fdf746f8,0x7ff9fdf74708,0x7ff9fdf74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,12552127913401940129,14591636143664483570,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1924 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,12552127913401940129,14591636143664483570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2552 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,12552127913401940129,14591636143664483570,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2980 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12552127913401940129,14591636143664483570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12552127913401940129,14591636143664483570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,12552127913401940129,14591636143664483570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,12552127913401940129,14591636143664483570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12552127913401940129,14591636143664483570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12552127913401940129,14591636143664483570,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12552127913401940129,14591636143664483570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12552127913401940129,14591636143664483570,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,12552127913401940129,14591636143664483570,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1296 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 188.114.97.2:80 | saltworld.net | tcp |
| US | 188.114.97.2:80 | saltworld.net | tcp |
| US | 188.114.97.2:80 | saltworld.net | tcp |
| US | 188.114.97.2:443 | saltworld.net | tcp |
| US | 188.114.97.2:443 | saltworld.net | tcp |
| US | 188.114.97.2:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 188.114.97.2:80 | saltworld.net | tcp |
| US | 188.114.97.2:80 | saltworld.net | tcp |
| US | 188.114.97.2:80 | saltworld.net | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.97.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.65.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.73.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 131.253.33.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 2.77.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.33.253.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| BE | 2.17.107.112:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 112.107.17.2.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b4a74bc775caf3de7fc9cde3c30ce482 |
| SHA1 | c6ed3161390e5493f71182a6cb98d51c9063775d |
| SHA256 | dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280 |
| SHA512 | 55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f |
\??\pipe\LOCAL\crashpad_960_ITSERRPTJWFVSYGO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c5abc082d9d9307e797b7e89a2f755f4 |
| SHA1 | 54c442690a8727f1d3453b6452198d3ec4ec13df |
| SHA256 | a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716 |
| SHA512 | ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f05e27ba0fb61acc91f5ceae9eb1a00c |
| SHA1 | 1cbc2df5af6bd558304e61df7fb4135d49c1e098 |
| SHA256 | ce88f9d889fa592ea8a423100b738943ffa51ced6688428370b6035d84f434eb |
| SHA512 | 40578b4aa3e9cc7e85c9ddcf74d66a7280dd2b8996ec647b8e46373ff73ff0f9f212375fa1c28be5ec0b4c07cec603bbcb91f243f1856238bab4c0fb78a60683 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fc6c355749590c64bb2f768edcd44774 |
| SHA1 | ca8e19275f19009eea4378dbc4f46d46dfe49357 |
| SHA256 | c739296057141e49be902f3e11755ce36c26cb7633a21a51768e9fa9a16c19c5 |
| SHA512 | 8fb038eb6491218cd6b011875cfc082436805df2b9dedb20e62a96a0d428c69053a3471da888d241db769851be1fb1ab786cd95b99c5ca2dd450747e832f0aa8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | aa73a3535ef2608d0bfa63a8c3a571ab |
| SHA1 | bb4a01969f07be3570c9cb1482988c7860f91540 |
| SHA256 | 3ddad964bef6d4ad71278d31fe3bc184342983e36f9c20869e9efbd697e95e02 |
| SHA512 | 4f2bee323bb8e2e474ade1f6e16d52d1861c42b67e79cdc9878a22374ec218e1a71ed2834d9aa2f62d538b30a74c1b9cfda40a1a9bcc82121b08c1e417df1288 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1a01be5c23567ecbba26f3e984130b15 |
| SHA1 | 16e40c28db9a425f918e7a3175e047653d7aaed1 |
| SHA256 | 681e2f761f1a94fb110c7dd705752079e75c23690a98d7f322750f788c15c2a8 |
| SHA512 | eccbf1d8356c7af03f692734fd603e3ea7f169c25a88d4fc3d46590285243e8946a93d8c96c55501e2b3d36ada41f33fe717096339651c7dd89a5ca5338f7ec5 |
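The Network and Files tables above are raw sandbox output, so the useful triage step is to reduce them: separate resolver traffic (port 53) and the sandbox's own reverse lookups (the `*.in-addr.arpa` names, which are PTR queries for the IPs it just connected to) from real connections, drop well-known third-party hosts, and note which file artifacts carry the digests of zero bytes (the `d41d8cd9…` / `e3b0c442…` values on the crashpad named pipe are the MD5/SHA-256 of empty input, i.e. the sandbox captured no content there). The script below is an added example, not part of the sandbox report; it embeds a constructed subset of the report's Network rows as sample input, and the `ALLOWLIST` of third-party hosts is an analyst assumption for the example, not a judgement made by the report.

```python
import hashlib
import re
from collections import Counter

# Constructed sample: a subset of rows copied from the report's Network table
# (sandbox output). The mDNS row has an empty Domain column.
NETWORK_ROWS = [
    "| US | 8.8.8.8:53 | saltworld.net | udp |",
    "| US | 188.114.97.2:80 | saltworld.net | tcp |",
    "| US | 188.114.97.2:80 | saltworld.net | tcp |",
    "| US | 188.114.97.2:443 | saltworld.net | tcp |",
    "| US | 8.8.8.8:53 | gamingw.net | udp |",
    "| US | 104.21.65.85:443 | gamingw.net | tcp |",
    "| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |",
    "| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |",
    "| US | 192.0.73.2:80 | www.gravatar.com | tcp |",
    "| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |",
    "| US | 8.8.8.8:53 | 2.97.114.188.in-addr.arpa | udp |",
    "| US | 131.253.33.237:443 | g.bing.com | tcp |",
    "| N/A | 224.0.0.251:5353 | | udp |",
]

# Analyst allowlist of well-known third-party / telemetry hosts that a rendered
# web page or the browser itself commonly contacts. Assumption for this
# example; the report makes no such classification.
ALLOWLIST = {
    "a.nel.cloudflare.com", "www.gravatar.com", "www.google-analytics.com",
    "i1.wp.com", "g.bing.com", "www.bing.com",
}

ROW_RE = re.compile(
    r"^\|\s*(?P<country>[^|]*?)\s*\|\s*(?P<ip>[0-9.]+):(?P<port>\d+)\s*\|"
    r"\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>tcp|udp)\s*\|$"
)


def parse_network_rows(rows):
    """Turn '| Country | Destination | Domain | Proto |' rows into dicts."""
    entries = []
    for row in rows:
        m = ROW_RE.match(row.strip())
        if not m:
            continue  # header / separator / malformed lines are skipped
        d = m.groupdict()
        d["port"] = int(d["port"])
        entries.append(d)
    return entries


def ptr_to_ip(name):
    """'2.97.114.188.in-addr.arpa' -> '188.114.97.2'; None if not a PTR name."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    return ".".join(reversed(octets))


def summarize(entries):
    """Split the table into DNS queries, PTR lookups and real connections,
    then list the contacted domains that are neither resolver traffic nor
    on the allowlist: the hosts an analyst would look at first."""
    dns = [e for e in entries if e["port"] == 53 and e["proto"] == "udp"]
    ptr_ips = {ptr_to_ip(e["domain"]) for e in dns if ptr_to_ip(e["domain"])}
    conns = Counter(
        (e["domain"], e["ip"], e["port"], e["proto"])
        for e in entries if e["port"] != 53
    )
    contacted_ips = {ip for (_, ip, _, _) in conns}
    candidates = sorted({dom for (dom, _, _, _) in conns if dom and dom not in ALLOWLIST})
    return {
        "dns_queries": len(dns),
        # PTR names the sandbox resolved that correspond to IPs it connected to
        "ptr_lookups_matching_contacted_ips": sorted(ptr_ips & contacted_ips),
        "connections": conns,
        "candidate_domains": candidates,
    }


# Digests of zero bytes; a Files entry carrying these captured no content.
EMPTY_HASHES = {
    "MD5": hashlib.md5(b"").hexdigest(),
    "SHA1": hashlib.sha1(b"").hexdigest(),
    "SHA256": hashlib.sha256(b"").hexdigest(),
}


def is_empty_artifact(hashes):
    """True when every supplied digest (MD5/SHA1/SHA256) is the digest of empty input."""
    known = {alg: dig.lower() for alg, dig in hashes.items() if alg in EMPTY_HASHES}
    return bool(known) and all(EMPTY_HASHES[alg] == dig for alg, dig in known.items())


if __name__ == "__main__":
    report = summarize(parse_network_rows(NETWORK_ROWS))
    print("DNS queries:", report["dns_queries"])
    print("PTR lookups for contacted IPs:", report["ptr_lookups_matching_contacted_ips"])
    print("Domains to review first:", report["candidate_domains"])
    for key, n in report["connections"].most_common():
        print(f"  {n}x {key[0] or '<no domain>'} {key[1]}:{key[2]}/{key[3]}")
```

On the sample rows this leaves `gamingw.net` and `saltworld.net` as the domains to review first, with the repeated `188.114.97.2:80` connections and the sandbox's PTR lookup for that IP tied together; the allowlist is the part to tune per environment, and everything it removes should still be kept in the full connection counter rather than discarded.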