Analysis Overview
SHA256
bb7f05a9fe99225629cf949f5494796f00b1077062af4ce594a9c557d29febb7
Threat Level: Likely benign
The file c073c494c46162c7a712de694bdaf78d_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-25 09:35
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-25 09:35
Reported
2024-08-25 09:38
Platform
win7-20240708-en
Max time kernel
119s
Max time network
128s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{691B58F1-62C5-11EF-BB50-D6CBE06212A9} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430740415" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40a6a23fd2f6da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd00000000020000000000106600000001000020000000be79aa61eabfd65f761285bc9405568365dd68c9f97070bed327b0f44eced563000000000e800000000200002000000059f6aacf403a21bc2df0592efd36a1f42daa69365f660263874de3488b14e3be900000005b9eaddb587de638e86f5e3aa52488dda2d119ad55f000be5f18f9e3b0d2b1bdaa2255b91e35630aa7b7775a962f485cb84173b923d791a856876200acbc9ca82e8cdf9b40f9539f5827c7b32f0b3a15001de97cf6b7af9f855b6c43b376fccd04d8dc19e4f304b1efec6d5a6be68874ee6f7505aff3cb6a726a57e0c13f611884225c437fff3e91d81dc196e64c7ef04000000055f14e990f3588553d0e55e1f8eb83e9fa18549c3f913bbb88ae4cb6f80004b27c1b59563ecb5813f8d86eae4e4a15960c7277c6951e303940f474abb244794a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd00000000020000000000106600000001000020000000107fdf685046d5d857d17274b07d0cc36388dee121957d700285b77e0b5368bd000000000e8000000002000020000000821b23f7c8dfdf9e90ef42475deafdb203b701d5dbe4be3e0493ed15fd4a200220000000436d4a5835d4a05127d3071f31c0629c94cc81aaf07b8f95fcf2bea433a3c1c64000000032a922f0985aebc71a58534d57b5fb62a2571a9f2f63af8e91d0a5aa46d1ac57a43857c1075f82cbd884a643684913638fd09cb0e07921c2e99c47c6bbafe2d1 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2704 wrote to memory of 2556 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2704 wrote to memory of 2556 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2704 wrote to memory of 2556 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2704 wrote to memory of 2556 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c073c494c46162c7a712de694bdaf78d_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2704 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 104.18.28.80:443 | coinhive.com | tcp |
| US | 104.18.28.80:443 | coinhive.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| FR | 172.217.20.174:80 | www.google-analytics.com | tcp |
| FR | 172.217.20.174:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.80:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUF3ZB4A\936f26abd759555807b0105d4e610318[1].htm
| MD5 | 4f8e702cc244ec5d4de32740c0ecbd97 |
| SHA1 | 3adb1f02d5b6054de0046e367c1d687b6cdf7aff |
| SHA256 | 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a |
| SHA512 | 21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f |
C:\Users\Admin\AppData\Local\Temp\CabF1FF.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarF203.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 03da4c12d087f8ed09502b018e8404c4 |
| SHA1 | 0db2afd8beac91b61faa13ca04877f06e361401d |
| SHA256 | 8c0123a06cd34f10b4a46bdab99b611bfc6dd03f81e405bc5a145b255aee198f |
| SHA512 | 6a26f936f8e64d085e960018bf686dedd2460c292518863de1bcfe33b5734d0db7d1cde54423e7756258b19084571918954fa4ccd74c454785af518987a7be7c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12
| MD5 | 7fb5fa1534dcf77f2125b2403b30a0ee |
| SHA1 | 365d96812a69ac0a4611ea4b70a3f306576cc3ea |
| SHA256 | 33a39e9ec2133230533a686ec43760026e014a3828c703707acbc150fe40fd6f |
| SHA512 | a9279fd60505a1bfeef6fb07834cad0fd5be02fd405573fc1a5f59b991e9f88f5e81c32fe910f69bdc6585e71f02559895149eaf49c25b8ff955459fd60c0d2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8
| MD5 | 4417978f16ec98417cd15c73d82ab77a |
| SHA1 | a66a71c77a64e0a583b912247e0df360386339ef |
| SHA256 | 127a1bfb04d1508c9f85fc384c56c764c26e11eb9dd80fb50bc6fe19575de494 |
| SHA512 | 5d6a237d1066c4e396ef781bc8b677c46e01e2319b955ce8c3385771ce49e935bc3db1201b7921a3f885ac9e53a88c05940fe81a856cdd089ea1fbfb46ea5021 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8
| MD5 | 954e5b550dbdee6dc6d6ecdd9bdd8fda |
| SHA1 | 76b92aecee4acb72d5594296eca066aeeec307d5 |
| SHA256 | 66c874f7115463d0c7dc152fe65a5f52afc3192645511cc941068c961ca75438 |
| SHA512 | a94a0c8dfd7fe9dba87c46bb2bbfb4b0908937c8c8b68e9d95648d5565ed99a8100046f45e1035712c577ac88385f1ecd463b237b8e5a7148cd713aeaead0227 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8
| MD5 | 971c514f84bba0785f80aa1c23edfd79 |
| SHA1 | 732acea710a87530c6b08ecdf32a110d254a54c8 |
| SHA256 | f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895 |
| SHA512 | 43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 857c01422677d4723acedd1ed960cb95 |
| SHA1 | 95c6df5ff01c90b5c4b26100de1106f827297500 |
| SHA256 | 1c1d4ddcc3ef86f3fd3a717181ff17100b6ec98826acda3a3e55c9101617c011 |
| SHA512 | e9fa1d9dcc9f13927a2eef15ca27ce77f920db749590fc24f3e02ddd1f4de5f3c496a707e8833ded350d3ce25f74ab28741b734c5824e7ee6583a97a16fcc5d0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4eadcab1ab65353e56dbba97a692593d |
| SHA1 | 4f698ac739591b918e22d8d40cda8ad4ee9de62a |
| SHA256 | 7320fc4f6d5833019f46797d9b4472d4cd2a59324578d44448be6f40bd0d5d8f |
| SHA512 | ef51769bf6bff4add53e270739c7e6546b89f73e5cd50340a70efeb91925c4dd1b7a0517a2752c16dd07e6df0a505bddea41b40047c54a593ee67d9641aafecf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
| MD5 | d211813d3f53d4d012cb8999a971cdc6 |
| SHA1 | d5ff60b1a5daa022e1ce2ad4e50ab10ec6186158 |
| SHA256 | 01135d373a3a18d0eaadbbb875fe72fbad354c1ffa158ae6868237731fcbd780 |
| SHA512 | 3769d588c36146c8da0bcbeda02b26b2eb580f3c9c8312d88b1ab3498c0534c602588147a0ac5f943d0a3cc908fd297a79a59f7fec456907aee065d14a5d62f1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
| MD5 | d5e8f7a9bc4388bd5d1117dd21f824ff |
| SHA1 | 2bae050693a200852b2127f688b50d777b9b5b6a |
| SHA256 | 9b554201d8e85d682184283e37fd1cc0d334429f29b7ff44d0d4e7bae38e251a |
| SHA512 | 4676f9eb0435c6685df530d019840b490c85a83ad79ee00f2fae0a6b721e009fb387d0f1c2710dd4676f23005835c6b87377b7484a794b72b8a43ad88b3dcb41 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90
| MD5 | 38921a313d2f978e8644ea1c46d2a5e6 |
| SHA1 | 10a1dbd8ea0916144adefedbf19ba097d2fa04d8 |
| SHA256 | 0fadc751b959e19a668d477668a747d3b3f1740cd77671e9723a5192d2aace7a |
| SHA512 | bbd4084b39960a10e08ad283af098c6511007105c2abc64cb9418e32515a3e8b934d73953ba6fbb5d9e2da198dee5e61dd71abef062d4d8e0c00fc49b363d41e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cc7a1519094758fb0f5c3f7675a09718 |
| SHA1 | a67308c2c0255308826e547e47811fc837da24d3 |
| SHA256 | 380b87b4ae1b87b32f2aa7c668197427767017da04bb919318f4297318e6b2fc |
| SHA512 | 41a9b2707582117d04356b0e04e1fb8903ef6a6a9115ecc748878b28864b45f84902c5396b711001447362b1d153280cb5e72983b7a4072cdb39bfeb927901c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f8db5298c19d58c2a58c59e5eeb14634 |
| SHA1 | a12a2971a008a91ec34ed3cf5d99cced79e8e515 |
| SHA256 | ce8f1e616874632289b1924411ca9d7dca40823251df4a93a52e10d25b6eae78 |
| SHA512 | ea9fef05ebe57bbc1000f9b6aa256b63c9750b12a992d62eefbcbb02ae7266e7fdff524893651fbcf6a6a89c3bf18f2e853285380329a792db44ada2e07a2a14 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 73314552a2a5dedcc0e98ca2efb8b081 |
| SHA1 | 5d7490220de4536d86300ae1459b5f6bf0d2f07c |
| SHA256 | f5ae449d0c7db2c57baeb7f8867cc18a6c11a5c7eeb3f1c9b6ca1ce5940ff109 |
| SHA512 | f631df0902d32714bb2034e3a2923366ba192115bcb93dc1357b6a3e1c89e769d8887a448ad8bb39c789a6cb6bda525ce665891b368a535cd612ada734f51dd3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 450f3b99923ffd59f7b91e73718e1fd6 |
| SHA1 | 72642c99501cf5ef4cd5d0f7cf23eb3371430779 |
| SHA256 | ecf080a9d1149ad3bf792e7a6a6138da68632e23e38a96c312cd190ab00ee40f |
| SHA512 | 9c69d042044e7f7a170884268b6b31175fe10640e5f59cbfd909cea2194f182391e55959e9783e4f59e334b0338eb4ae366b6b1b4aa9841cf3292e2d4bb73820 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08e8d01aa28aa82e1cdc37d0fb9238f2 |
| SHA1 | 289445d5e39c0dad722742899b044e32e9ab4d5d |
| SHA256 | 9047b61251c9a79b98763b2a5e64aa98dc5365182592f6e9f80d77bacbe8346b |
| SHA512 | ec6d26edb57ad666020c7ebe6bc08f6c7e7ce5ce801a2c9e25ee78aa5142c0a0a2fd5c6792d9ae6d641a630d2968f8415c16fae651cf1e01f845f3ae2b4e1f19 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fd9793622b82b77cd3b14387ccc923a5 |
| SHA1 | c8721c3da7197d81aee97dd8b91dfb4ec3506dde |
| SHA256 | 1075dbb931cd8d08fcce2d98197615c1f43a2c99d8babcdc2528b9ba74eb3352 |
| SHA512 | 9bf23866f5944aab47fda6b06626306185b8d8b5fb9f9cc29a58f8e89dd192f022a97302ca3cb33ce6e8c0b599af663a4f8baea59c76de1bd416600790c650c0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 82a7129f2e15d9926faba7c16cf163a1 |
| SHA1 | 7eb7cf8571fd8a8d9269bae52116fb838eaf3698 |
| SHA256 | fd174614e613cf305c4ba373c0139af48010c222e96accc9b898e2a547a60f0f |
| SHA512 | 64f8884daf060d89b513fb39b10ead700210bc4df4042208435532d2835b6f3f4ba0f58fb90e91680e9e83eaf6d7c956560c31d987c86f7a9b2c06ef0a13ab0f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e9c3cd8748280d9f5b58ab425a674581 |
| SHA1 | ca2913c8d2b47c1f635efa616d95092f307d394e |
| SHA256 | b6c97d68108f269b3eb37f7c8e2cbdb6f60576a66c0da008f53e40f2639bd303 |
| SHA512 | ae01eae857f7b727084e7608e391d91ad543b3c2e423f28622ee0c45a7cdcd011c22367b55a8fe53c945f47d4d5724ce83ef28affe0273ac5c5fc65d08ce90c5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 16a29e244d4a94816fa58411d5eb7e16 |
| SHA1 | 51bea72e09e718c4d201f1b8f13fabd939f3fd20 |
| SHA256 | 7fe6e619113e23308929c4e55cfd9260f9cad005ee8fcc86789a98e4cd872557 |
| SHA512 | 32ddf8eef1bfce4ee767ee745b9e2a4151e6ce2401c4b771aed1b5849f12927adc783d3fe337c94df6480dfd726f459a275bc91288d9465ba67a4c507720aaba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5a9e4942f88f76499097c4e3509c8716 |
| SHA1 | 8c10d9e14198ecbdd5fae7d91818004683f8d05b |
| SHA256 | a8db935d58bb6d140623d9470d2110e760521ade43ca58edc0bc95d7eceb069c |
| SHA512 | c04e0f05a329953992e3ea086076681233212e25e43a503e323227a473ece10c22b8b2f6109c286953348bfd94e2cf1f9d6f4f6bf4bcf592ea4e51e914b19e68 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a8b46278fda527ebe9824ce53f330cf3 |
| SHA1 | 9604c071008eea4032df752a8e0eb2857b45c4a6 |
| SHA256 | 1d503f31f49465b282ed1306a501647e673d69eb6eaed4198c3cf0c8e2fc36a2 |
| SHA512 | b6035e35d298c5c5f6e82b285378a465793698f50e2f94466df938834ac305b6b65c30663c750b86c1a0e55f869416088d34385f02a23b15ee4dd2f1fdf747f5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 9407aa35325b6caf3aa2b90337621cd4 |
| SHA1 | 9e85ad3be688791c438b37bb548857b48c2a7b2e |
| SHA256 | 2ec162f986f5645a94a46debd5d656b60b6f3b99f6151f4b9ee7c6b82fb1e4eb |
| SHA512 | 3b41fcd5f71a538485bfca779bb893b5db89393cbefaac08404ae4021bf178feda8673a492772b4e38cc71eba6cac303c41e15e876e3565a8e003a0930722b58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 90c8154e43cfff75e473956a1108dbb5 |
| SHA1 | 65fdadd6777086608f6cdb785b052349d3f02b24 |
| SHA256 | ca4545e1b07afc2c49a817a95ee9f9da37dad5c39d3bf680e6705ffb673b36f3 |
| SHA512 | d556b501aaa2a011cb95f5a9430080511ac3223d5a900ee9a7706c47790f376e6d5c6e35ba1d0c4214336e544c5b408aa401a295e3ee309a654dd22c1df25dd7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9a2a119652c6dcec14519f1364bc5917 |
| SHA1 | 8d914ce6085c14f97cf34aa97e6a2362c9581a85 |
| SHA256 | 3559cf9e02f720a645ec7c6ff2f8a1e16d8eb1221411b24949397ba52e4be19e |
| SHA512 | 6bd87b0a594a7603c13f4c2a28bb34be3f078872bf10ce7d064766c63c149c3c4ec56baba36d4b49b6c690618b722d8aedd7131b0fb462f6ad23b66a91e19b43 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 434d7ba2a2ced7176430626a9cc16f58 |
| SHA1 | 064713d8f06768db59ba625f971aaeee083c6b44 |
| SHA256 | f25d4cb2caa12276f13e8721952a47f2bea80a43f52dccbbd5c75b97577ebba3 |
| SHA512 | ea441e5d21c4b663ebf3882b29e0d25e82c18e1c479e99ec9b58bd6a21466463bf422911bb6a8ac5df725bf3a17fac023b8f3060c60fa2380309de584136a30b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 03e2d633e2e96bd76a6416f3f000c62a |
| SHA1 | c62635b5564f5a21d7c82ce5ac0bed06215a058f |
| SHA256 | b3ad7445f25fd6cafa8cfbbd298a3dec0b931f91a0512aa6b6b65a5e8dc42076 |
| SHA512 | 256a5aa0f3aa1f2b3253d43dab30f88b7b32be7f2da9f4ebe04ef40d394ee818db1d58cd4f133b793867f3f8b9ff95d3d2e7ada97e914320e57f0e59e66c578c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6113105f7bd15583390badc80d9b87f2 |
| SHA1 | 992f2c9892f7316cdc34d1e46c83e7e01906956b |
| SHA256 | 2b63b615fbfb535deef3a9e76e470ed84b3d668b3d85d103ded32bba652e408d |
| SHA512 | eed27bfa59907cc3c95f904686f51fef2f861181a54d1dc1a0ba4fbe29762557b4b2e97baad5a9e673c0b64b644489d13ad7fc39493eaefeb2f9dc6b6b7ef3ca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b6dab8a5c3319e6c93492b5eec6fb241 |
| SHA1 | 639dbde80f8cc0a953a368e09069755f691ea6bc |
| SHA256 | 13886222dc6bc9f41fe69162f41256e14f2b20aa6a1efeb04db26f56d83d09c2 |
| SHA512 | 4644c4eb43b71001e5fe864be63fec460ad802d6e57fd072949ac9532093e6435ad736b1bb14ce186aa4e8c0011afc6bc2363d69f6cb2652b8f9d207f41d0e5e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | a2a593310d9f95dfd9d3d6165746e0ca |
| SHA1 | f5834639596bb0f9278a72a46c8fcc122a37896e |
| SHA256 | a5dbc2205d9e4057c78992be4c0740992504243bb0bb7b6869e4b8200c9393ed |
| SHA512 | c3e7b15a859b4b7a3c02874ce3f6449b3a5865d83a2fe308acf7ad48abc65d973fa5880a579baa092928756f25deca787ce9ff7a3ff844d204d2401f01e6a219 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 916011e0acc9aee2a9b05398b1cb91d1 |
| SHA1 | 87f4d814b14d154f1739fb59234e4e9c60470149 |
| SHA256 | a9db1f15f443fd7205d911a87cb44f1dccb3b321f04613d9df58d032144dd677 |
| SHA512 | d8b699fb470c1da05837b9ed22f80da99571f63ed7f28af91a16e4e9d0b103787a6b940f20eb0449487e42039f74aa0247e3325abdd01f5c2ec3c7a46f5a8d44 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fd73f30e875d00266abb501122a62b11 |
| SHA1 | 94251c934c4db5ba1598992b7c6eae2b1360c579 |
| SHA256 | dd91a6ffce07f47a093606518dc1b51c6a48b12f9d6af09c71ba9e7e42095cb8 |
| SHA512 | 58338205cb60b851a883c82edf8dd4074a4cb4addb0049647bbeea4e41927fd61cfe5574d9549bfd6bc16e9827748a270ccaecca28111d5c0392aacadbf588ea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6393db05cea8c10f4694b7c8060448d7 |
| SHA1 | a46b4cca2ae777e3508348bbc909e911b7a13098 |
| SHA256 | 7331c7775c2d3175afad2ef43d2655706d91921e9ec3ba1f138303e740ef7cf3 |
| SHA512 | 6e9d11cfcd93f924dca2b2d0fa975571f413f0b3043c00f48f39783ba74bc10b6c1024fe8213a1b26b685f616f467328b7413925c12b4ac1af6ff4a30777847b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7124a0d07af993ffa66ceba64d5ae525 |
| SHA1 | d9902cfe8ee495ed4f1d3a96ed2c99790e7f14e1 |
| SHA256 | faf80674f5babc28c641987980ba9cb41ccc34ff4319fa9603a23254ca72d049 |
| SHA512 | 34527f3b121f6c344608ae90a1c75c9470b772761f70a85ca27f3413ecbd175d473c9de18d7b694242b64e341d95d7077c624e7e14a9f898738bf2ff0e6df142 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-25 09:35
Reported
2024-08-25 09:38
Platform
win10v2004-20240802-en
Max time kernel
148s
Max time network
143s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c073c494c46162c7a712de694bdaf78d_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0x100,0x104,0xdc,0x108,0x7ff87df646f8,0x7ff87df64708,0x7ff87df64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,4017783142021104155,15184868325820246197,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,4017783142021104155,15184868325820246197,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,4017783142021104155,15184868325820246197,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4017783142021104155,15184868325820246197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4017783142021104155,15184868325820246197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,4017783142021104155,15184868325820246197,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,4017783142021104155,15184868325820246197,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4017783142021104155,15184868325820246197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4017783142021104155,15184868325820246197,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4017783142021104155,15184868325820246197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4017783142021104155,15184868325820246197,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,4017783142021104155,15184868325820246197,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3896 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | 155.11.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.65.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| FR | 172.217.20.174:80 | www.google-analytics.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 8.8.8.8:53 | 2.73.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.77.0.192.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4dd2754d1bea40445984d65abee82b21 |
| SHA1 | 4b6a5658bae9a784a370a115fbb4a12e92bd3390 |
| SHA256 | 183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d |
| SHA512 | 92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ecf7ca53c80b5245e35839009d12f866 |
| SHA1 | a7af77cf31d410708ebd35a232a80bddfb0615bb |
| SHA256 | 882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687 |
| SHA512 | 706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696 |
\??\pipe\LOCAL\crashpad_2072_DADIHRESHHMYWDDV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9226dec4db70838ffe62c8f3fd9f7a1f |
| SHA1 | 9b505cf23126a174915ef1c4d0612b6b5a682f8e |
| SHA256 | 08131957ec415d4e49d6fe568dd101b3b43d693003b22e0f5ba6ef42e92768b8 |
| SHA512 | c479176e91683970160886a9d8079fb1d5c59ac9948890747906d200717b46d1a243e35933788dd4e143255b6308423bd2195d9da618416a620e4276531ec934 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 40d56b1631e16efac37eb5a47649044f |
| SHA1 | 9365240a7e2211ed2b5bad28018bedbdd27b0bf0 |
| SHA256 | b0315c70fdfc91bc77c90b5734fadc677895e51c1c40e91b293b35388f13bd92 |
| SHA512 | 4e45b18becadafe3ee175d524a05d69902f5c3212579f5dae9f103d50d9ec10f58419ed7f5c00c7f29b5077b1cd442e4ca13766637d1cb28d4127ad573624254 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 586d517a15f2cc590c21177a36d2921e |
| SHA1 | 1f02d496058727cd5ac317089187be3cb159c138 |
| SHA256 | aaf56036d10e4e6ea4364923224f066b929b3505ef977123bfeabcdb534232e3 |
| SHA512 | df3d2ba38fd2c2d4030d1f52a6e948857ca69597f4b4e950fa61caceb091822223ca1cbadd2a567d75352b3ab5cf96e3e663c8fd0a70a567f99004181aa857e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 90beade33a1206c6e8b0c29d422340ae |
| SHA1 | 96dc02dadfac40badfd0a254e377f43a12a94abf |
| SHA256 | 690151d2b9d0ac25f29fb46b19792517e81ef2c21d1550b50f773083c9217e63 |
| SHA512 | c3a9efe5271152b9c20b678d8c52e207565741e4082b2b6c858b157d69195f5f1cd2cf8bf3b994225aa817bdf50133e336203ff2d571043eb71d4ee7f3b32561 |