Analysis Overview
SHA256
3bc7ad143fb62a080db23d88ebf04a42d11ba92233d9eb4372daf30fbcd56c6d
Threat Level: No (potentially) malicious behavior was detected
The file 704ec57b45c90db11cd119f0eee6cb27_JaffaCakes118 was analyzed and no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-25 00:37
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-25 00:37
Reported
2024-05-25 00:40
Platform
win7-20240221-en
Max time kernel
120s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422759341" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cdcc6d0c33890b4fa5aed2f3118d43a900000000020000000000106600000001000020000000da883d7d48a944014d336317c811899b04ebe996d122319f29f136dd5c6d21ec000000000e80000000020000200000008d2e7ea4cc856dcfe11b314e0a0b79d782e9cf6c584c2ea98f1cd0e5a13b2f1f200000009130fa22555e0526c2ce92a8ac4ff9dfdf18c18f1f9f8af30c2ec98c1811793d4000000091db35ef5ecb6a78d3903426449db8c05af61aa298a24bc4396b99c2ca69f8793bfcd71cef182ff7da8cfd56bb2199304a7f2cc75fe14fd27e78db3eeec1f9f4 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{05B2B671-1A2F-11EF-922B-6E6327E9C5D7} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2059bbdc3baeda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target | Count |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A | 1 |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target | Count |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A | 2 |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A | 4 |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target | Count |
| PID 2220 wrote to memory of 3032 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | 4 |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\704ec57b45c90db11cd119f0eee6cb27_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2220 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto | Count |
| US | 8.8.8.8:53 | www.djsagewondah.com | udp | 1 |
| HK | 154.95.250.71:80 | www.djsagewondah.com | tcp | 13 |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp | 3 |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UA1HZF3D\audio-player[1].htm
C:\Users\Admin\AppData\Local\Temp\Cab28A9.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar299A.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (19 entries recorded at this path)
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-25 00:37
Reported
2024-05-25 00:40
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
127s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target | Count |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 4 |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A | 2 |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 4 |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target | Count |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 6 |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\704ec57b45c90db11cd119f0eee6cb27_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9272c46f8,0x7ff9272c4708,0x7ff9272c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,6464384480650518458,17259886776965241577,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,6464384480650518458,17259886776965241577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,6464384480650518458,17259886776965241577,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6464384480650518458,17259886776965241577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6464384480650518458,17259886776965241577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,6464384480650518458,17259886776965241577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,6464384480650518458,17259886776965241577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6464384480650518458,17259886776965241577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6464384480650518458,17259886776965241577,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6464384480650518458,17259886776965241577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6464384480650518458,17259886776965241577,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,6464384480650518458,17259886776965241577,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
Network
| Country | Destination | Domain | Proto | Count |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp | 1 |
| US | 8.8.8.8:53 | www.djsagewondah.com | udp | 1 |
| HK | 154.95.250.71:80 | www.djsagewondah.com | tcp | 56 |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp | 1 |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp | 1 |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp | 1 |
| GB | 216.58.213.14:445 | www.google-analytics.com | tcp | 1 |
| US | 8.8.8.8:53 | 71.250.95.154.in-addr.arpa | udp | 1 |
| NL | 23.62.61.97:443 | www.bing.com | tcp | 1 |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp | 1 |
| US | 8.8.8.8:53 | www.mixcloud.com | udp | 1 |
| GB | 216.58.213.14:139 | www.google-analytics.com | tcp | 1 |
| US | 104.20.5.36:445 | www.mixcloud.com | tcp | 1 |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp | 1 |
| US | 104.20.4.36:445 | www.mixcloud.com | tcp | 1 |
| HK | 154.95.250.71:80 | www.djsagewondah.com | tcp |
| HK | 154.95.250.71:80 | www.djsagewondah.com | tcp |
| HK | 154.95.250.71:80 | www.djsagewondah.com | tcp |
| US | 8.8.8.8:53 | www.mixcloud.com | udp |
| HK | 154.95.250.71:80 | www.djsagewondah.com | tcp |
| HK | 154.95.250.71:80 | www.djsagewondah.com | tcp |
| HK | 154.95.250.71:80 | www.djsagewondah.com | tcp |
| HK | 154.95.250.71:80 | www.djsagewondah.com | tcp |
| HK | 154.95.250.71:80 | www.djsagewondah.com | tcp |
| HK | 154.95.250.71:80 | www.djsagewondah.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
\??\pipe\LOCAL\crashpad_1316_RFCRJBVGQKYIIBTZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5d3384dd0bcfae524f8c537d6e30505c |
| SHA1 | 8d9728c35e077a217a3d5ebaa05cef14b5501553 |
| SHA256 | ba7fd36db6fddb09b8e1cf841c982e7f67e3087816705b9e81b75703ff8b027a |
| SHA512 | 919aacbd2b3efb0b4d7b47eb3eeef4d5a067bbf1c6c5973b4afbc27dc051ac2cb03145c56686103de3cec4d08c99fe9c1ae2ca53b75b7dd7b1d8811e09a64ef9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3d2d5a047d54948748465b8c3bd2d1ea |
| SHA1 | 5db567935d116679dd22584854971bb62b8bd682 |
| SHA256 | d05280af57d63fa432fe167df4334c5d9f441541e8b0b899deb04f6269d9d490 |
| SHA512 | 827707ed4e9f9215d79334c196bdf356249a4d4e62442e606df3f73666f4af9aa3e37c2a6468f5279af59b78895d88eabf566ddd62aeccb275626958d69ab815 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d49d5549a0c49d8cbc22729ad02d8b5f |
| SHA1 | 41e28baf27760e66e6f8829aa4fbf334eb8c612a |
| SHA256 | 4d6da39c505cb67427c69c826391082af6dd61343bbb5bce2ec82791f54f769e |
| SHA512 | 84114a76d93f531be29d12b6f0cc453688c256640c8eb17b65f68bf7ed9440c36cc961bff4d913f42976faa5910e47d1dfa4905885fa86511b9ab271db22d46f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |