Analysis Overview
SHA256
11b12aa63fb21a3d6473e1715e84e8b3372120089f5cd821461eb66e1524edaa
Threat Level: Likely benign
The file 80a5678a59cdeba3735ce23f8ba198ef_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
Detected phishing page
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-29 11:54
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-29 11:54
Reported
2024-05-29 11:57
Platform
win7-20240221-en
Max time kernel
141s
Max time network
149s
Command Line
Signatures
Detected phishing page
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d086630cbfb1da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423145540" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{351714C1-1DB2-11EF-9F3E-D2EFD46A7D0E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006f6858b730cd0a49b1a8c7be33e4d969000000000200000000001066000000010000200000007d51450c1f836b521d7b2f25447297af96b3c4dafc27c69b465692934bd69829000000000e8000000002000020000000de0aac5510c7a1c9809c19d7dd07a27524dd29d82bf52e9da4476140bbbdd2e320000000705a118f3d5c638d26dbeee10027b219a7fd22cc9f97f0eca158653120c644dd40000000e0995abdf0f894d548d068a5c55b25b71a1f68c769653c048f886ae54d236f6b757ae64a2695776c57df9682f9b6f8bfef9b366ee4263204be731036d664e1ec | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1688 wrote to memory of 3024 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1688 wrote to memory of 3024 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1688 wrote to memory of 3024 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1688 wrote to memory of 3024 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\80a5678a59cdeba3735ce23f8ba198ef_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1688 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-29 11:54
Reported
2024-05-29 11:56
Platform
win10v2004-20240426-en
Max time kernel
148s
Max time network
149s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\80a5678a59cdeba3735ce23f8ba198ef_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff2ca46f8,0x7ffff2ca4708,0x7ffff2ca4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,16106766631896017417,2402804613781886201,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,16106766631896017417,2402804613781886201,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,16106766631896017417,2402804613781886201,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16106766631896017417,2402804613781886201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16106766631896017417,2402804613781886201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16106766631896017417,2402804613781886201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16106766631896017417,2402804613781886201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,16106766631896017417,2402804613781886201,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,16106766631896017417,2402804613781886201,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16106766631896017417,2402804613781886201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16106766631896017417,2402804613781886201,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16106766631896017417,2402804613781886201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16106766631896017417,2402804613781886201,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,16106766631896017417,2402804613781886201,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3044 /prefetch:2
Network
Files