Analysis Overview
SHA256
538f49f7f4e8a7b86ff0f4d7944631ebd63853888930e3683cd6c676f366be88
Threat Level: Likely benign
The file c06b55adad5e7c5e7e3843373dcd16bc_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-25 09:16
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-25 09:16
Reported
2024-08-25 09:19
Platform
win7-20240704-en
Max time kernel
70s
Max time network
135s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (data value not preserved in this export) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B7E1E921-62C2-11EF-BD1F-566676D6F1CF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7063a08ecff6da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430739263" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b700000000002000000000010660000000100002000000098edd835c1b24ba47999a7cb398e73145b3504e3e6e5faec9c8de5333aacada1000000000e8000000002000020000000362d70806b7e093f601d62c83b52c6254ce2d6368396a5b44ff450d91212632020000000ff3ccef23f0fc8868be043efc6b5b8f5366924631eaebd96e25fd69fc7b8d1f8400000002aa1fd532e8dd0ce132f9d5fd33c49f5b0e539028b0afe02d16a32031cff711c03ffcc14c5dfce26c4c0e310a09e33ef196aafa57071d07aef3b553bed75dd6d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2296 wrote to memory of 2372 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2296 wrote to memory of 2372 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2296 wrote to memory of 2372 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2296 wrote to memory of 2372 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c06b55adad5e7c5e7e3843373dcd16bc_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2296 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.18.29.80:443 | coinhive.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 104.18.29.80:443 | coinhive.com | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| FR | 172.217.20.174:80 | www.google-analytics.com | tcp |
| FR | 172.217.20.174:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.71:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
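The sandbox verdict above is "Likely benign", but the Network table records a DNS lookup for coinhive.com followed by two TCP connections to 104.18.29.80:443 attributed to that domain; coinhive.com was the domain of the Coinhive in-browser Monero mining service, which shut down in 2019. The Python script below is an added triage aid, not part of the sandbox report: it parses rows in the table's pipe-delimited format, aggregates contacts per domain, and distinguishes domains that were merely resolved (UDP/53 only) from domains that were actually connected to over TCP, flagging any connected domain that appears on a watchlist. The sample rows are a constructed subset of the table above; the contents of WATCHLIST are an assumption for illustration.

```python
"""Triage helper for sandbox-report network tables (added example, not sandbox output)."""
import re
from collections import defaultdict

# Constructed sample: a subset of the Network rows from the report above.
SAMPLE_NETWORK_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.18.29.80:443 | coinhive.com | tcp |
| US | 104.18.29.80:443 | coinhive.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
"""

# Assumed watchlist for illustration; coinhive.com is included because it was
# the domain of the Coinhive browser-mining service.
WATCHLIST = {"coinhive.com"}

# One report row: | CC | ip:port | domain | udp/tcp |
ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[A-Z]{2})\s*\|\s*(?P<ip>[\d.]+):(?P<port>\d+)\s*\|"
    r"\s*(?P<domain>\S+)\s*\|\s*(?P<proto>udp|tcp)\s*\|$"
)


def parse_network_rows(text):
    """Return a list of dicts for each well-formed data row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            rows.append(row)
    return rows


def summarize_by_domain(rows):
    """Return {domain: {"dns": lookups, "tcp": {(ip, port): connection_count}}}."""
    summary = defaultdict(lambda: {"dns": 0, "tcp": defaultdict(int)})
    for r in rows:
        entry = summary[r["domain"]]
        if r["proto"] == "udp" and r["port"] == 53:
            entry["dns"] += 1          # resolution only; says nothing about a connection
        elif r["proto"] == "tcp":
            entry["tcp"][(r["ip"], r["port"])] += 1
    return summary


def flag_watchlist(summary, watchlist=WATCHLIST):
    """Return watchlisted domains that were actually connected to over TCP.

    A domain that was only resolved (e.g. a lookup prompted by a prefetch or a
    blocked script) is not reported, so the caller sees connections, not noise.
    """
    hits = {}
    for domain, entry in summary.items():
        if domain in watchlist and entry["tcp"]:
            hits[domain] = dict(entry["tcp"])
    return hits


if __name__ == "__main__":
    summary = summarize_by_domain(parse_network_rows(SAMPLE_NETWORK_ROWS))
    for domain, entry in sorted(summary.items()):
        conns = sum(entry["tcp"].values())
        print(f"{domain:24s} dns={entry['dns']} tcp_connections={conns}")
    print("watchlist hits:", flag_watchlist(summary))
```

Run the script as-is to see per-domain counts for the sample; to triage a full report, paste its Network rows into the sample string or read them from a file. Extending WATCHLIST with a threat-intel feed is the natural next step; the DNS-versus-TCP split is what keeps a single resolver lookup from being mistaken for an actual contact.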
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NFAY0EOS\cafd83e895d821e4ada3e3e38f93582d[1].htm
| MD5 | 4f8e702cc244ec5d4de32740c0ecbd97 |
| SHA1 | 3adb1f02d5b6054de0046e367c1d687b6cdf7aff |
| SHA256 | 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a |
| SHA512 | 21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f |
C:\Users\Admin\AppData\Local\Temp\CabA575.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarA5AB.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6112abf86e77cf4ac6205529cc03bddc |
| SHA1 | 7b909f138148d1fecb136e0f38e19f33c1fcde4e |
| SHA256 | 47902766e7c75662a069dc918bc17640b73e07ca979b80d3765cc49b66ad15e0 |
| SHA512 | e24e1cfe252814b4f6f65bd188d3252a80db6920dda1b2efc1a5a6584e6ef3b646f99cc7ec07ba0789968ed1d976079ec350cb0a6d039dd4e92396ae370d2299 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12
| MD5 | 7fb5fa1534dcf77f2125b2403b30a0ee |
| SHA1 | 365d96812a69ac0a4611ea4b70a3f306576cc3ea |
| SHA256 | 33a39e9ec2133230533a686ec43760026e014a3828c703707acbc150fe40fd6f |
| SHA512 | a9279fd60505a1bfeef6fb07834cad0fd5be02fd405573fc1a5f59b991e9f88f5e81c32fe910f69bdc6585e71f02559895149eaf49c25b8ff955459fd60c0d2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12
| MD5 | 2c804190e3de8e848266d04f5b878cb1 |
| SHA1 | 092e5d6a2866d18bb5393860c4ab4b8e7921f34c |
| SHA256 | 25561b816c68ce612f80c6822e7da5083efdfa3b13606dbe05e0954c11f3c325 |
| SHA512 | 7c796657cb1961aee85b21fa25a6ea756c6626b41e75d36859be43aafbf7689779f7237e9087e5a31942fcdcdf7c6b511d8ad494a37a52a706963bbd59aa2986 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 85d231ccfa8d1859c4c58e4e4e51ddfa |
| SHA1 | 71126c955383005b44abf7ea842ec87f44c6e873 |
| SHA256 | 5d5c2e76ee39a4b301067d22eda6dd346707417500a6a81487a56da2f42c0944 |
| SHA512 | 36e4a35ce28e1ceb95d70d91a91a69f0648a7f99cae9345b014939b4f6cd28d35fe050cefb129b9f0b6d0180105a7562ecb2118761cb0d3d3f6e9d109c87a21b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8
| MD5 | 971c514f84bba0785f80aa1c23edfd79 |
| SHA1 | 732acea710a87530c6b08ecdf32a110d254a54c8 |
| SHA256 | f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895 |
| SHA512 | 43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8
| MD5 | 50c97e066e3782616ce67a2b774c2fdc |
| SHA1 | f60e557a8458899722039471d81f9f2c8979fed2 |
| SHA256 | 8c971c5169be9a820ac90949f06adabdae30a371b1593c2e4aeafd7d31a90049 |
| SHA512 | 847d0f86ac3b526a45be52fa97e6e437790df2cb2ba73154cb7943ed928913e92115e02f84c80a175e2b60ac5b82a1105b8714c11e4d9746815e9b1ce6761b45 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2f9ac17a17cc53b5dc2b554d371c9f02 |
| SHA1 | 63d3861efdac12c1b87b8baef4e880b50aa94508 |
| SHA256 | c0d234344ddf9a79368ca657815fe747875ed68b87f7733dd88e1b18f627e25f |
| SHA512 | 09f6d4951035d1ebc98addcfdb399e8d6849a348bc5c44940cf7086b8218030fc89e02d52c9fe4ba8a4ade2879414e9a759427600d47d43731e07e0d0ca60850 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
| MD5 | b510974d88d2be703265b6f8edec9b60 |
| SHA1 | 9e4fe395e34a344672e3324ceabeed28db5517e7 |
| SHA256 | 4ac85951eb68202845a977c4f92825882fc82d98c3a30dfd3a1749ddfbab1b8e |
| SHA512 | 49de0b975e3121d9892962d890d95bdfb9f09be605bc990c4e32edd7e6ede0ebf50f62e7ad1dc49612646d1fb997f7a3d4f9be982007d489e894997fca7a7d57 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
| MD5 | d211813d3f53d4d012cb8999a971cdc6 |
| SHA1 | d5ff60b1a5daa022e1ce2ad4e50ab10ec6186158 |
| SHA256 | 01135d373a3a18d0eaadbbb875fe72fbad354c1ffa158ae6868237731fcbd780 |
| SHA512 | 3769d588c36146c8da0bcbeda02b26b2eb580f3c9c8312d88b1ab3498c0534c602588147a0ac5f943d0a3cc908fd297a79a59f7fec456907aee065d14a5d62f1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
| MD5 | d45956ad476f53eed01d6b56dc25c578 |
| SHA1 | ea4c25b59376629f11c09d9676125fc04f8f9ddd |
| SHA256 | 9929f11011fa35d6c2a5e1bf117a621dc3530799cbc4f8c42498109491c03081 |
| SHA512 | eea57954967f6b9e89a00cead467b5123f70c337e4d8dff0e4af7d957dd8c6ef69ab906632935d1d7f6551bfbea86df3079b156f99fb0e4090433b32d6bb7852 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
| MD5 | d5e8f7a9bc4388bd5d1117dd21f824ff |
| SHA1 | 2bae050693a200852b2127f688b50d777b9b5b6a |
| SHA256 | 9b554201d8e85d682184283e37fd1cc0d334429f29b7ff44d0d4e7bae38e251a |
| SHA512 | 4676f9eb0435c6685df530d019840b490c85a83ad79ee00f2fae0a6b721e009fb387d0f1c2710dd4676f23005835c6b87377b7484a794b72b8a43ad88b3dcb41 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4cca6cea17b2aba0d3f03693def8bac0 |
| SHA1 | d1412e799927da089e928f3b2fc2eb55825e7797 |
| SHA256 | 172cbdfdaa1d473a4ec608250472caf8ec639bf1fc2cc649bb1f541f85032111 |
| SHA512 | 0e6a945aeed0ca5595d774516efeeae9fea7535f939da7e6ee942346d35ee3c89f98d18fac09acc45949d822abec1315649b74013615fc2bf4baf0dbfe4175c2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 335eebb05d0f7f79cccfb520f078b3f6 |
| SHA1 | d35c324cd5289eceec34dbf21f595e58274271bd |
| SHA256 | 456a44697908c6986dccfc2e13171b0b842d260e1e0658e208947434a5c4770e |
| SHA512 | 1a9763627d0eae2f290e82e097498679395616ad334c4c2539c94152b78c0f58c4581f36cb3446d7e8787ecdbab1442d6c0a92be1d6955cb61f3baa064ca2eda |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8c1bd8eb1a7e744ece572d47e79dedea |
| SHA1 | 4dc35c6940b5a77b5c86bc0cbf4c9fa274ae8a75 |
| SHA256 | bac6c2dccfb665f448bae43197e14d6ef600c9ee395050148584e53ab20e1d92 |
| SHA512 | 0bee737e47f922749bbd13c995edfa0ef82b61d9bcbffb3f607ac43b36dad463eb8b877b5685a2d577224caf37713e354233bdf22aeef2900d896f6dca7d72c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9e50a8b4b3ff930a76720feb3d75e87e |
| SHA1 | 17276509f7713f4e82386439d5ebeccceacd765a |
| SHA256 | a2bf868c3df7cb45c1792e2c7dccb52bbe5a9939f4ea8595a3f7e4e931e942f3 |
| SHA512 | fa3c0a111588a3f1ba857614df87198b409f88cd6101d2d1920eba92b7bce78679950a90d72182c95d3d4660bbf282c805109141108f8f82d2391c28b2f79b94 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 886733b2fdd4a95fd089d0075ff5ebcf |
| SHA1 | 35ca01ba291191fbf9154b5fad9ce59b31e2b27e |
| SHA256 | 319906e7cc5e08067579d1454b505ea78940a177b14147cc2828dd95e55fea6a |
| SHA512 | 9ada02b9d9e6529c49adc11a0bdd9f4ae3680a88f6a0a6da8cb6549362dabea27d89a7f04fae92c9a7831227e441723bc3289f1984eb267374e4e756f8530b9f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9cafc4e1c1852ffe3632c646df38aff0 |
| SHA1 | 315ce3055fb2c25c7100efc26e92ea098ae10bca |
| SHA256 | 4686748e3e643550dd7ed06b67f3294c559a0594e6f010ac2d784a1eb2b6574a |
| SHA512 | 914ea6fa1937ddf619839912ddf70a14a842c69ef4011be4ff4adf7cae8e0df73ce68792f0f4ca649a12ef286004cb50985f33317554de76ae07bde4166ad365 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4144f808119afa0f3dffd962438192f2 |
| SHA1 | a33c3ac22fdbf82a3e5bc9bcd15eb7a328ac5f22 |
| SHA256 | 3e7e134349b8b65deb31519be47267bb01ba2d4c5ab5d6712af24fca86bb529f |
| SHA512 | 891d26b52e05117bc2d3cbb2d1bad57db4f3b64f38811992717157b02aa0c9c7c6d5c8fbd7a6b54f0a6aaaa895d8e1efc3842a27135bfecbc137bb28df7c4244 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 038faf5d58b565b0a510ac07c7eec8bd |
| SHA1 | dcda1af3196e8d6d79264dbb472d64581442c010 |
| SHA256 | b963c85a83ed47668f6a5712e1d1f7415fb9eecadc13d8d055b56e4b90961e85 |
| SHA512 | efbe64d15215dbbe12607247fbae2c59b43160148457c61d46631222223a24967ab624bb7e3030e3ae07441fe14155b4fa961a1cbcbd778b75fc896614bdd185 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e3f2e3038e1abb2f2f0e7f18f462d6ac |
| SHA1 | 155032d0ab145ca9c5c7f3db1b9459f1138a2243 |
| SHA256 | 3d0d59e568c29d55c16adc814d9ef90efdd430be73ea191bfcc1d93842f0179a |
| SHA512 | 36236d8b9ba0f8337050ffa48af4cb1649d0356cdf264c54ff9bae4f288cd4c928e88a40d575619b3f7edb94bae5450625096265f96977f2a1fb83ffd0e9f632 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10cec0ead151f5fc05a7a94a34d482f8 |
| SHA1 | cf1d1d5acef81ded4ec02b2fa878db8ca789e648 |
| SHA256 | abc2d86c931f8213bb48e72fd0b5c4a2faaa61ecc3ba16ae7a9a813f4e5c2757 |
| SHA512 | fe7b9c2519fc4bebc898ea466262d8d1c1ead8c56190a7ffdac011705b9d9b2e7f75df2113b1e899e867b315064fff1d0415ed93ef7e55568c2cd516b30e0932 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ff051c57fbab70c91f2af52ce8e8ba3 |
| SHA1 | 9902db91163bb1446e83088f095510d5db14cd78 |
| SHA256 | acb1914776680b99f7115c0be57af8947ad707294ae2114d997f3e3eda7b256f |
| SHA512 | 9b42278237d4f0b605f540408d6cd99fe5819a891b2877f0df1d4f3fc5a2c786133b370ebccfd7f4344af4146634b02f6d7d7cbbb266923f9b183bafa76f61c1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | afad948ab576a0080a884224db58087e |
| SHA1 | 848545bfb679573de469d3f3cfbea5ace963a81e |
| SHA256 | 35c058040aa72c3d1a87269308af4ef5ed4d9c164925d2480513dd59793310e1 |
| SHA512 | 7c081f6674ef9a7e45825e0828f2d1856ee0fafcf0fd31ba87b6bce8bad3bfe416fa20a2d3ea5321da087cfab2dc3a5e3ebda88cc8d30b4c70960f38fc8e817e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | e9c33c268170453876ce5fabce8873f3 |
| SHA1 | 1bef31cc84f2177f2586e61b65967b85e5c6acca |
| SHA256 | 12cab15830bcdae2f0cd8cef366f0817a691cfed6321a03ced0d26322f214cf8 |
| SHA512 | 75499aa89cdefe8bb06e89bd6625f686494a0cc149c256d27c0bace2e9ea798facb3fd77b9b84fc7b7358bc170d81880eef2c2d8e108c0a5f0ab97ed628c0053 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d6bf560f0562f207bc16ad9fccd5a06 |
| SHA1 | fd148d13034a3879889ebc4694f1bfc48c59f931 |
| SHA256 | b3e5ac646e30264eee641afa1c87b74e7f452d9e80dd06d82ea0dc0755b276bb |
| SHA512 | 66cd8e10daf7f47be7da5e4426b1651a9df4692bf67712f2aae629b570ec3ed8ab79826383af9ba7e7cc9ea559386810f675df7c0726fd9d313b518b72f1f144 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 921b30ea2dc30657b65af327ff555293 |
| SHA1 | a4cb85a0d905fb6090b440bba9dc71b1694de6da |
| SHA256 | ecb7b0e4fb3d42c8d9c8edd4051a804d3653085325ff348b1b8f0484b1ec2626 |
| SHA512 | c25740bcef196648c3ae95c5352789b2dcc1c9b27d959504de1afd75e8a1be28d066dd6bcccd2c544d2605f6e4d14c1b09850e3eaedb1adf0aae25ad6abbf2df |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c1183eff9b88de8c9ddd4161d915a56 |
| SHA1 | 15a6abff5965daee506eaca105d16b0be756d0d7 |
| SHA256 | 78f36d458c4545771ba798a77a753ad5cc96143ac0e1f6bec54e9d30f814dd47 |
| SHA512 | 2ad4425a2af77c5f00457ccf36ef75aab652d7ed9a5c4d081b29fb7cc220a9e5a80ae8487e19bb79a9357619ba8673848f84c9ebdaae4d26659d3989427a4ca9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9e4c83cd7d36835d20d3c995f0206846 |
| SHA1 | 69a7401379f316d3958414686597b9dce3fe146b |
| SHA256 | a0d2ca6452ad092a80999dfa69ecba84e0399b6d372b6ad9142cab8dca0cb9e0 |
| SHA512 | 45b591d31404077c8ea8c0ead830f5ba196f19a9cb90a0d16db1fb2a01787727c71587b32988e0ae1319bfbc068281e237ed6d5bb1ff10dea2f28df7e30468e5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 59f8414d5e595b845aa4349c07e17eea |
| SHA1 | 86f1feeb863823bdc97de7aea46476aaa3340aeb |
| SHA256 | d97828c04f63a6db2892eab2f9de5fd6344219912f11632907bac5fc95ce8185 |
| SHA512 | 335ac94658aa1e4d655b1e9f8e4069b2808e63a7fc8a041082b51090080400c4a1532e3e87562864f975f21ad59d955808a0022efe81b325dc5f31b7984b4b63 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb77e8802d36211a5a4a6884254b08f6 |
| SHA1 | 57c3155efc6add591ec1353da0b0e25a56c2d513 |
| SHA256 | 9cecd4e5a534895bac2cdd161f980a42a5bede626d8867aa59d741a7caf10517 |
| SHA512 | c2ee9d488d855cc62c238c25aad5d0d854d1f7a8a063feb649b148c147ea64127bf39e3f05c52266b65ba782370ee913468c727987134c196839bc479bbd5f6e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | bc47b32d670e4a91797dd7df585b8cd9 |
| SHA1 | 7da1fa5551736f8468bc442ab0654ef73958c1cf |
| SHA256 | 37bb5d41f629a6fa362328c30675118c9b846f86a3047f73e43d8f372f96b9cc |
| SHA512 | d28e2e4a8fa7ce39a7a448d68d29cde2f8d5b7f61458c854332d5e6085bab151b547ba5dc880f8293d98f48b6ea583b8141bf33dd5f249b7d379661646b89f14 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 33442c60491b367ef873b8bd78c7ff94 |
| SHA1 | e7461a674e79b3acf7dd43aaafe7a7764418eb7b |
| SHA256 | ee5ec50f0d529667e38983fab6b7371f5de0bffb8f80b7e01259b18556e8e179 |
| SHA512 | 14f43376378b0080d6889f80a51f50af75ab1e0bc78b4e0e71216fb4df16b799849d53166fe86c6f3698a6636bed4d2398d9689758ea9a75f310caa6b33a8f3b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a2bdcc0f63377b199dd743b1cbe5925f |
| SHA1 | eb027178f0bdb6421cc8575e17d055960828e57e |
| SHA256 | 06d87a6639431f8367d4d4a0f677bf6e5342e0f8c6c5e7bc53b30622e9175120 |
| SHA512 | a795430261e3eb002197a42df585b95d43d20415b164fd12197b72e609cb0807d3812288c5b4b4bef4e46fcb0ce76863e9c218e97fb646534e6884fe7f365706 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 56c9957830c0a0734e23cb587de69cb8 |
| SHA1 | c9bd3b15f0ff0b623db2dba72b0a8f59d5a52be5 |
| SHA256 | eee1a082ca248f66cd71bb0c61149a3b31fcf261f54b9b269e127c20551aaaa3 |
| SHA512 | 8a8d3a6b241dd75b80cf517743efdaeb8be2d77579fb971f971445520b6c89b9776b0c4a4c11457fc26671a610ab06737a78675ec135026efbf99c621269871e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6abe930401c307a3012b575fbc8159b5 |
| SHA1 | bf99b7274bae0fadd2436d57dd86bb172c7c0401 |
| SHA256 | 3804be527328fbb8e19a9228ad67adb9c568355db3b7270913593d5ea2210962 |
| SHA512 | 2e7a6f12fdb0fda1963e67afe334b87148a3b448191a13a3553d1ae98175eaddf08842f6d32e219c4f391e3e1135abf71d5701529104916779de9dc69bfef92f |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-25 09:16
Reported
2024-08-25 09:19
Platform
win10v2004-20240802-en
Max time kernel
145s
Max time network
148s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c06b55adad5e7c5e7e3843373dcd16bc_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe8db646f8,0x7ffe8db64708,0x7ffe8db64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,4215428110227225990,7932946613335095389,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,4215428110227225990,7932946613335095389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,4215428110227225990,7932946613335095389,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4215428110227225990,7932946613335095389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4215428110227225990,7932946613335095389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,4215428110227225990,7932946613335095389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,4215428110227225990,7932946613335095389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4215428110227225990,7932946613335095389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4215428110227225990,7932946613335095389,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4215428110227225990,7932946613335095389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4215428110227225990,7932946613335095389,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,4215428110227225990,7932946613335095389,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5232 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.11.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| FR | 172.217.20.174:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 162.160.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 8.8.8.8:53 | 2.73.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.77.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.19.74.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
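Added example, not part of the sandbox report: a small triage script that turns the Network table above into a short contact list. It drops the sandbox's resolver traffic (8.8.8.8:53), the reverse PTR lookups the resolver issues on its own, link-local mDNS, and two browser-background hosts (Cloudflare NEL reporting, the Edge New Tab Page image host); those noise lists are the author's assumption for this report, not a vendor list. The sample rows are copied from the table; the one 203.0.113.5:4444 row is constructed (documentation-range address) to exercise the direct-IP check.

```python
from collections import OrderedDict

# Rows copied from the behavioral2 Network table, plus one CONSTRUCTED row
# (203.0.113.5:4444, documentation range) to exercise direct_ip_contacts().
NETWORK_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| FR | 172.217.20.174:80 | www.google-analytics.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 203.0.113.5:4444 | | tcp |
"""

# Assumed noise model for this report (author's choice, not a vendor list):
# the sandbox resolver, PTR lookups, link-local mDNS, Cloudflare's NEL
# reporting endpoint and the Edge New Tab Page image host.
RESOLVERS = {"8.8.8.8"}
MULTICAST = {"224.0.0.251"}
NOISE_DOMAINS = {"a.nel.cloudflare.com", "tse1.mm.bing.net"}
NOISE_SUFFIXES = (".in-addr.arpa",)


def parse_row(line):
    """Split one '| country | ip:port | domain | proto |' row; None for header/blank."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) != 4 or cells[0] == "Country":
        return None
    country, dest, domain, proto = cells
    ip, _, port = dest.rpartition(":")
    return {"country": country, "ip": ip, "port": int(port),
            "domain": domain or None, "proto": proto}


def is_noise_name(name):
    return bool(name) and (name in NOISE_DOMAINS or name.endswith(NOISE_SUFFIXES))


def triage(table_text):
    """Return (names the sample resolved, OrderedDict of contact tuple -> hit count)."""
    queried = set()
    contacts = OrderedDict()
    for line in table_text.splitlines():
        row = parse_row(line)
        if row is None:
            continue
        if row["ip"] in RESOLVERS and row["port"] == 53:
            # DNS traffic: the resolver itself is not an IOC, but the queried name may be.
            if row["domain"] and not is_noise_name(row["domain"]):
                queried.add(row["domain"])
            continue
        if row["ip"] in MULTICAST or is_noise_name(row["domain"]):
            continue
        key = (row["domain"], row["ip"], row["port"], row["proto"])
        contacts[key] = contacts.get(key, 0) + 1
    return queried, contacts


def direct_ip_contacts(contacts):
    """Connections with no hostname attached: worth a second look in any report."""
    return [k for k in contacts if k[0] is None]


if __name__ == "__main__":
    names, hits = triage(NETWORK_ROWS)
    print("resolved:", sorted(names))
    for (domain, ip, port, proto), n in hits.items():
        print(f"{domain or '-':28} {ip}:{port}/{proto}  x{n}")
    print("direct-IP:", direct_ip_contacts(hits))
```

Run on the full table, the output reduces the 60 rows to the two sites the HTML actually pulls content from (saltworld.net, gamingw.net) plus the third-party assets those pages embed (Gravatar, i1.wp.com, Google Analytics); nothing contacts an IP without a preceding DNS name, which is consistent with the "likely benign" verdict.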
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4dd2754d1bea40445984d65abee82b21 |
| SHA1 | 4b6a5658bae9a784a370a115fbb4a12e92bd3390 |
| SHA256 | 183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d |
| SHA512 | 92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1 |
\??\pipe\LOCAL\crashpad_4436_BLOZAEPVZLTTJFOB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ecf7ca53c80b5245e35839009d12f866 |
| SHA1 | a7af77cf31d410708ebd35a232a80bddfb0615bb |
| SHA256 | 882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687 |
| SHA512 | 706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ab811c5dfafaf894e0171688dac41367 |
| SHA1 | b745e01a68c94516cc7c7ced16ee04e659edc58a |
| SHA256 | c3ab74c6dd32f9e774e9c6ceaa885c57169287afeb130318c9aacc8de47ed993 |
| SHA512 | ccce2a6e3ef662aa1ec0d3bf86fb4c692ce4ef9e5db19cd4b98ca404591824f6b6d53aa182ee5388be8226d834ee007967adcbbb11f2f79da38c7c1561eb1d10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 17c74d8d9fe9b8e1c6d52c0f837a9f08 |
| SHA1 | 9483d4dbf2c2194cf7f3ebdc84fc7c1a7d821208 |
| SHA256 | 29dac3e6f6191e311434725f1b873879b30b1cb0246d14dcf8d794de553da71f |
| SHA512 | 0e223a330000770a34097faf4175aa8fc5795ec33eaf78fd118fdd16907ad8e67cdc545adf4228c9a087dba21190274dbe2ca95598ab8176d10fc1ba20f82fe2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e0afcb087d225ba76e19e03e05592cb1 |
| SHA1 | cfc0f47a26cb491ef8bc37819d7d9bc348baa449 |
| SHA256 | 8c89a88ac5b47c0057da6fd97fdce4249cf241f5cf384194381773277b61edea |
| SHA512 | 6e18724d88b82d58fd0ee7534effe4be5f55fa8b5b9ec060365cfc21d08d1e5ed659e4740f801062ad5975b8e83c803ebf55923e78bf88d41038e6ad88b824a4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 6e586ef38ed25ee7b466b3bbc6d61b81 |
| SHA1 | 44b8f92dc7b5f9cf572df384de2d7b5f0e7bbd55 |
| SHA256 | 2ec60404bd7a4e5b29633d40655b3d7c1482aa5c4e3d25fa7804f6acb2ae23d4 |
| SHA512 | 01e541322d3d92ba14d1f051391e81ffa02c6bc2a868a5a676611e06f76c1d2ffb4d1c7650915b2c77df20133e0870d49170a1cf837f466699b3931e290c8073 |
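Added example, not part of the sandbox report: a check over the Files table above before any of its hashes go into a blocklist. Two things in this table are easy to get wrong. The `\??\pipe\LOCAL\crashpad_...` entry is a named pipe, and its four digests are exactly the digests of zero bytes (MD5 d41d8cd9..., SHA-256 e3b0c442...), so they match every empty file on every host. Paths that appear more than once (settings.dat, Preferences) are successive revisions of the same file, not duplicates, and each revision's hash is distinct. The script computes the empty-input digests with hashlib rather than hard-coding them; the sample entries are copied from the table.

```python
import hashlib
from collections import OrderedDict

# Entries copied from the behavioral2 Files table above (a subset).
FILE_ROWS = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4dd2754d1bea40445984d65abee82b21 |
| SHA1 | 4b6a5658bae9a784a370a115fbb4a12e92bd3390 |
| SHA256 | 183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d |
| SHA512 | 92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1 |
\??\pipe\LOCAL\crashpad_4436_BLOZAEPVZLTTJFOB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ecf7ca53c80b5245e35839009d12f866 |
| SHA1 | a7af77cf31d410708ebd35a232a80bddfb0615bb |
| SHA256 | 882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687 |
| SHA512 | 706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ab811c5dfafaf894e0171688dac41367 |
| SHA1 | b745e01a68c94516cc7c7ced16ee04e659edc58a |
| SHA256 | c3ab74c6dd32f9e774e9c6ceaa885c57169287afeb130318c9aacc8de47ed993 |
| SHA512 | ccce2a6e3ef662aa1ec0d3bf86fb4c692ce4ef9e5db19cd4b98ca404591824f6b6d53aa182ee5388be8226d834ee007967adcbbb11f2f79da38c7c1561eb1d10 |
"""

# Digests of zero bytes, computed rather than hard-coded so the comparison cannot drift.
EMPTY_DIGESTS = {alg: hashlib.new(alg).hexdigest()
                 for alg in ("md5", "sha1", "sha256", "sha512")}


def parse_files(text):
    """A path line followed by '| ALG | hex |' rows becomes one entry per revision."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("|"):
            alg, digest = [c.strip() for c in line.strip("|").split("|")]
            entries[-1]["hashes"][alg.lower()] = digest.lower()
        else:
            entries.append({"path": line, "hashes": {}})
    return entries


def classify(entry):
    path, hashes = entry["path"], entry["hashes"]
    empty = [alg for alg, d in hashes.items() if d == EMPTY_DIGESTS.get(alg)]
    return {
        "kind": "named-pipe" if path.startswith("\\??\\pipe\\") else "file",
        "empty": bool(hashes) and len(empty) == len(hashes),
        # Some but not all digests matching empty input means the row set is
        # internally inconsistent and should not be trusted as-is.
        "inconsistent": 0 < len(empty) < len(hashes),
    }


def triage_files(text):
    by_path = OrderedDict()
    for e in parse_files(text):
        by_path.setdefault(e["path"], []).append(e)
    out = []
    for path, versions in by_path.items():
        flags = [classify(e) for e in versions]
        out.append({
            "path": path,
            "kind": flags[0]["kind"],
            "versions": len(versions),
            "empty": all(f["empty"] for f in flags),
            "inconsistent": any(f["inconsistent"] for f in flags),
            "sha256": [e["hashes"]["sha256"] for e in versions],
        })
    return out


def ioc_hashes(text):
    """SHA-256 values worth keeping: real files with non-empty content, every revision."""
    return [h for r in triage_files(text)
            if r["kind"] == "file" and not r["empty"] for h in r["sha256"]]


if __name__ == "__main__":
    for r in triage_files(FILE_ROWS):
        print(f"{r['kind']:10} x{r['versions']} empty={r['empty']!s:5} {r['path']}")
    print("usable SHA-256:", len(ioc_hashes(FILE_ROWS)))
```

The same filter applies to the behavioral1 Files entries earlier on the page, where the CryptnetUrlCache metadata path also appears twice with two different hash sets; both are retained as revisions, and neither matches the empty-input digests.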