Analysis Overview
SHA256
23c10bfd70cbda6052317e4613dbcb42ec162d129c8a094e8e296cb092c9b58e
Threat Level: Likely benign
The file 82fec1bd666c79c3558397029485c939_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
Detected phishing page
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-30 04:13
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-30 04:13
Reported
2024-05-30 04:15
Platform
win7-20240508-en
Max time kernel
145s
Max time network
150s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F0846681-1E3A-11EF-A4F7-5A451966104F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 003678c647b2da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000009b4db30440b8226cc3bd7d6736eeefed69ab95f8f6ae224a822307be22f60635000000000e8000000002000020000000aed5dd5c63f04a49ec6bfc42d0b851f76f2a7eb06861461376f0db35d0b51c349000000080a3438685ff7b756bf295ec2b6c39097c54dfcb9e60dabb933e30aa2f9375bdc10687115235011e0c2e2f39a1eb153f2a20b624223333244507954a7eb6869a8a06fc037b4aa7805e63b429a2c2742d7b206aed7a1e87b189334c3d9086cec87b16623de625acf68e097baa28764c333e646066c36756bc09858e3f37d03957c41375463090f8ea671030dbdd5bb8804000000031898cb34a8d10f172a1a56510abf11e04879b46e511070973c9f86acc759fefa110addb0e21bdfb6482e16b254420bd37fa61c5f4655143867dc8bc972abc0b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000978d2195e5f4e90835720bfff061a3967ffc11a61c478d97896a3c39acfa59b0000000000e8000000002000020000000f4c8900a2a893005e0b5c51381bf13a386eee791185651feabd228be635cda8820000000a06f118205a9d168f8f0a8e07c39afeef8c636392f9eb6933a552aa260ecacda400000001b0864c0446728853737b806a3c9a2b10c7585ba2939a29a69e50f865643ce576ddff362ab0237b8945c1a895c44548fcec9eb6b09b7a79421e32c1dc5c7471c | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423204263" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1252 wrote to memory of 1968 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1252 wrote to memory of 1968 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1252 wrote to memory of 1968 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1252 wrote to memory of 1968 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\82fec1bd666c79c3558397029485c939_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1252 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.engineersedge.com | udp |
| US | 50.28.15.23:80 | www.engineersedge.com | tcp |
| US | 50.28.15.23:80 | www.engineersedge.com | tcp |
| US | 50.28.15.23:443 | www.engineersedge.com | tcp |
| US | 50.28.15.23:443 | www.engineersedge.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar284F.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1
| MD5 | d2fbfc7bd805f1e75270a1c52e04757f |
| SHA1 | 96dd2e21f5d38f70173fc630d4627ebff7c79a99 |
| SHA256 | cdde58e9507a684822ad2ea03604138fdb4c7160010d8cf8bede91ea4ed7179c |
| SHA512 | e4e1272f475db2b30db03b824e303d61247d2b05595ba70eb0710db8c60ff62b9869c68f0a1c9cb92b5425b4002fe9beb9682108f3d95930838d1dfa9a237e30 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1
| MD5 | c5dfb849ca051355ee2dba1ac33eb028 |
| SHA1 | d69b561148f01c77c54578c10926df5b856976ad |
| SHA256 | cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b |
| SHA512 | 88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 159a4b93639fd03565db89fbe1ed1911 |
| SHA1 | 0da26735fdca3df4246686103fc2c24c6d3276bc |
| SHA256 | 177687fe2f2bafa1da26cae24b75e2ec58f8a85345c7f82fc3761783e9a52cf7 |
| SHA512 | ae3852536b13ecc153103766ec26d90526ee80a55cd91ebefa2e4fa96656b9d649003cc50c4b5ed1ccd9c94c80e1d46f4b9a6bcccc8e3addf03050eae02e6023 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f16b68b3140f16c03e66e02bdebd5df3 |
| SHA1 | 9020c5ebd663685650e281af27eb932cb200a483 |
| SHA256 | 18fa3c11530ab6797407af892d13c438ad7c49042b96686eeae9725d1fed99a2 |
| SHA512 | ddd32b3f37eac4898e3a213624773260ccf873293970d3c805db3805e1effbab083afc7f9d7e7adceeec3e7d377341dede15eaefe7d1fbab6bd1cad2c16d5edd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4b037eb5564648bfb0875dbf32afaada |
| SHA1 | 6d9ebb84de4fb9c04727fdabe7397b16f52557e5 |
| SHA256 | acddcdb92899502df14c05924f62c4c1378cb5ed9edc1b475cd2b5ccdf33f6c1 |
| SHA512 | 278605c0fc9593a288edc000f058db5bb53c2108a89f9f33698f333ba0e6e31c6a4023aa724656dccd0aa5fe826d252ab2c5d04a154681d543f8d7762fc47bed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc0df59cc079059765d24e70bd02711f |
| SHA1 | 1650fd6153bd9968ce10e10a76e7357117405d09 |
| SHA256 | e1d296cdf79530c259e6a2e4990b9e5c429814d460ced1d434ee91c611b8388a |
| SHA512 | 3c32051b7b5a2ebc4e53ccf4ce75bb3abc57fb633d545b420cf8259ffba198ec7c142d06170716b4398fdccc184298aa2b69f15a4262dbe0da8c549dd0716cb4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ecb6931663937e34651c1eaec0d1aa8b |
| SHA1 | de874b75efbd0eab8f448c0885bcc785acfeb788 |
| SHA256 | 04260ffa4efa331c795a1c4cd3eb811c9fa7fb61cbd3e3bcd601449c92a759eb |
| SHA512 | 5fe64ee4de89207c1f867a3114569622099a038c88e6c573c1a76f46c78c4b4e61a1ead7c80b995f1c1753d707acc1636a0343cac0460bd1b626376801217174 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9b0d5dbc6417e816000987cc86e5b76b |
| SHA1 | b473d0336988f73b7010b9bac1d4276d2d155948 |
| SHA256 | 302bcebe6e221aa6d15808ada33f0641c7f399838fb11a3a1c2bad313e766dde |
| SHA512 | d71ea2e2d4a6c1c074fee2cafc1f1028abeca3164870523e9ce30ae0ad58ce9895a501b7b8e23996c3518c9bdd1ecef0e31b5da14e25941aa74b2ade2579271d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6854abedf00ebe17b267485d9f33e41c |
| SHA1 | 3b1dce6f81a380e4f4a390ab2476e32cf6271234 |
| SHA256 | f1219a06441f338cac573a961f30bb9fac5d4a8e92d16f02f87c39073e6dc75a |
| SHA512 | 201aa612e2bd28207a2320572f76431a7d5835898db5561084164c70ff3feea8c83e748cffd16575bebe45d5f4716c952d954c2e8dbb4dcf1bb4a2e09dc27e66 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 113f686a0f0c7ca717211db6d2ffc25d |
| SHA1 | 8a8a620c551944945de0f9d83ebf871acdae16e2 |
| SHA256 | ff746f83ee85ee4409ba2af2dac1f744fa565d6ad91d29b0f6e082c4780b4a00 |
| SHA512 | 44768e35ca73acd0199a1a9b4d674c3cf23a0539efdbf3e9198e41dfa0ec059646cd60e7e5cb27c51b3d9edbf7d8a87fd24f4108ba537df747a4923d54077b1b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f1942cd55fa3ef15c4f5ccfbf1817a67 |
| SHA1 | dcdf249deaf36ebdc2606c294d5889966d7f1443 |
| SHA256 | 5df812c9e06d48d6b6b6c6e8ee1f92b7f0e210172935abaabd9a0932e9671234 |
| SHA512 | aac8bd4578f0bb435c86724e388447238340b4e8ade1092ef719c4e05babdc22af3fc014b2fccb1d9cd9795b8feaac1572cbbcf91507c2040eaf1c1e1b0249ae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dd564d84b7bcaf202b5851e4d18c3cf2 |
| SHA1 | 0b1157e39d3779bccb9a3d990a1ec05fb8aff2de |
| SHA256 | 7fb034508914708a433941f6301c617fe7a39fc10f9014cad4b18c61c28e9b9e |
| SHA512 | 01dfaac70e412e6bdca552265d3b6cacd6a559730228bdf524cf0e59096b5002da4f8c8cff67c7da9d600b09c43036ce7683fd5f8900c09e98e3c4b6a7fcbc80 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 39c7d256acbbced191acb2e400a07d03 |
| SHA1 | 693e93a334f594e69f27b3aafad7b0acf0c375ba |
| SHA256 | b0e975d1a5317071d6e667dd3c8e1adf02aafbdf2d19555ac7c321a516f0b280 |
| SHA512 | 02ed2c2cfe0b4f52cc0a2bc8c93bb0c47e72e2dab903dc89e63b210ce75cca28b380d85cfd58e783ed737c92461fec6590409125ef5e72887f329bdf1df32e2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c64782692852854b438f376d34a56ff |
| SHA1 | 07fdde4ac3dc570cbfe210b6a964d52c084f9c5c |
| SHA256 | 686dc9b0e16e91baef33e1defa2b0ae603a66bb48c2ccf901cc39cf1519ed6f9 |
| SHA512 | 8311bc4485abf21d0cea69428283e8155db0cab135109a2a065b62f43208e65cf9600194a940d1382790a7d98ada8bb54178babf2278147e57f7f89d87dd481c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c31178268bb773463f94d57a813dc704 |
| SHA1 | 82399c9960a16096b7df6f2f281a8721187df69b |
| SHA256 | 607dd13d214ffd2b84553a2bbf93bf97362a3cbf6996097dff62c53b42d72724 |
| SHA512 | 8256dce68008146265f8d688abb777ac476d8f3bbddbaa52bc7d981e5b3785fe625232729c03f3700ab74dc1bd733c4ec5dd5921aa28f8983c515362e21baf56 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 657ec8d85744361d303171c210717636 |
| SHA1 | bfe4c589230c4891545fd408a6626d0b1f1d3034 |
| SHA256 | 5073dc5c0f16efe995a8e05e92a110717f0086edf0a1edc38610bd3bbeb371cf |
| SHA512 | 4ecbf2040f07340d456eb0a660b4fbabb6c67c525b82177395a184777e7504ad1f38cc4bd2ac5d39ac88203d2d82fc30ef60b707d704b4851881e09c78ee20c7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bd604e1e35c7f8a74c347cd4d8722276 |
| SHA1 | e88ad894028e43ca61ab0ea266f42541e820d2b9 |
| SHA256 | 8c88affd12afa579969e2363cdcd82ea0ca65408a4deb4e5df942360a95e3731 |
| SHA512 | c2d6914881223b948aa0447f19fcf69941802b966f16ba1a640b9fd529215ca4bee449d16b366b38300b4d34556a7cfed35bf7526b1e6647a1b9114f0e10cdb2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8161e5955f210faa6fb45ca07b0329c2 |
| SHA1 | 9d6551d99ffe8c78cde05110b8e6332976bac317 |
| SHA256 | 9554a92157a69a44abddfd992a19cc6d59f48df3433579d308d25101b8121cb3 |
| SHA512 | 5d03066818dde41f0443dfb4472c2774f57ecab2c4c6f0513aaa8bef2d136b956edc5eb4721f95d5cf497297f52202c4fe3f5be9cb70e383961e38ff64ce82a1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1f1676fbf014d542ad81df230e772137 |
| SHA1 | ef4ada74c3f0c08917c9f55e6b8b27afec29f9e8 |
| SHA256 | 88782fd4ba3c9e970487152f076a08d0c6df63a92b610e4f31f3d815113c1ac8 |
| SHA512 | 21e0e4f6ab6a4cc4fdb0889712f50a5ea7c7f8aecfedb587c42f791462aef4257f22f3bc9bd3b91b9b0a92eb47e477c2470e6a44055d753309718cc111c5c504 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4301ff1728f13e6afdbd936cc4f3e23a |
| SHA1 | ffc5e421e039e1f67135fd9f488761eb3a4a04e5 |
| SHA256 | 0d084516955a577bed37cdcefb239e8206b04827b467a36045d71716570d2548 |
| SHA512 | 3101eb6a6eb85320879055a6b003ed3bbc829c24aabbccdc25f3dfa385832f83ba379404fbfc570b00dffc9de08f9ebe1149e9305580c0c226c8838c9aef4b65 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d3ad29ceb40d28fcab04f14161df9274 |
| SHA1 | d742e1d19d4d8021aede83f5fa243b9336fbf461 |
| SHA256 | 63f278de588db01f56f1fbfb52a0a50eb64b0b8f3bed4191e1ba09ddc7fae657 |
| SHA512 | 381a6368e2d433c7fc201cc5965c9827211798ec4242b1d0b4e0d8c4716597a5605606a7eb808e92150810ce5cfe72d6432125270e891b72dba47d11876df68a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2607d90e61857d9c87616847a0aa8178 |
| SHA1 | 88c8ae5f9ef2be5420fb41bd5bb4dd3d37ddb504 |
| SHA256 | 5ae600f67f3888424408e5437e3bbe043e165fc9cf9eb8832961e7107d5f192f |
| SHA512 | c8dba4f6cec0fdd7116f6867f89f45e90b110e26072dff2b13955d2647da4e64407a96a1c9bf8999b9f26d7555f167240bd7e5971931f89c09c70aae734f5322 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-30 04:13
Reported
2024-05-30 04:15
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
143s
Command Line
Signatures
Detected phishing page
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\82fec1bd666c79c3558397029485c939_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a1dd46f8,0x7ff9a1dd4708,0x7ff9a1dd4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,15737709183226344733,9287553414062499929,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,15737709183226344733,9287553414062499929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,15737709183226344733,9287553414062499929,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,15737709183226344733,9287553414062499929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,15737709183226344733,9287553414062499929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,15737709183226344733,9287553414062499929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,15737709183226344733,9287553414062499929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,15737709183226344733,9287553414062499929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,15737709183226344733,9287553414062499929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,15737709183226344733,9287553414062499929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,15737709183226344733,9287553414062499929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,15737709183226344733,9287553414062499929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3580 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,15737709183226344733,9287553414062499929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3580 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,15737709183226344733,9287553414062499929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,15737709183226344733,9287553414062499929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,15737709183226344733,9287553414062499929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,15737709183226344733,9287553414062499929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,15737709183226344733,9287553414062499929,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5108 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.engineersedge.com | udp |
| US | 50.28.15.23:80 | www.engineersedge.com | tcp |
| US | 50.28.15.23:80 | www.engineersedge.com | tcp |
| GB | 142.250.180.2:445 | pagead2.googlesyndication.com | tcp |
| US | 50.28.15.23:443 | www.engineersedge.com | tcp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.15.28.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| GB | 142.250.187.226:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 142.250.187.202:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| BE | 64.233.166.156:443 | stats.g.doubleclick.net | tcp |
| US | 216.239.38.181:443 | analytics.google.com | tcp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| BE | 64.233.166.156:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.166.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.38.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | tcp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| US | 216.239.38.181:443 | analytics.google.com | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8b167567021ccb1a9fdf073fa9112ef0 |
| SHA1 | 3baf293fbfaa7c1e7cdacb5f2975737f4ef69898 |
| SHA256 | 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513 |
| SHA512 | 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54 |
\??\pipe\LOCAL\crashpad_2332_MENAIVMKBVDULHCN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 537815e7cc5c694912ac0308147852e4 |
| SHA1 | 2ccdd9d9dc637db5462fe8119c0df261146c363c |
| SHA256 | b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f |
| SHA512 | 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ed5a363af1129f25e7afc88756825c80 |
| SHA1 | 245e702c976b3457c5f81f90e56043f50ba4eb64 |
| SHA256 | 6067a316e890444d69e79647c8145dbfd52500dd563f66729f62796ba0e814f0 |
| SHA512 | a9a6c779bd53f6617f097bd0b1f5cdd906d4927f3a2c6442297395ec40305caa1980967b0c41c7ce8c8b63e8b5daec7d608775c26fe058335298ab3b9392a307 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
| MD5 | dcab45982ef7837a81dec98c295f1d95 |
| SHA1 | 3ea615c797dae739fbda2aa33f547ec725eff412 |
| SHA256 | 331e32feb775dde4766c2f5c99015c12e9b1dc994d175f0767e83402fffcbb96 |
| SHA512 | 307807d41a0ae7bf9c3d6b22f903e711bdaa741c5049d74a70a8aa085ee133b3bc3a5762040c80f991bed98052a9f78b6043c33c4c62c539e7c36e736f3a1a57 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | aa6130a59187b06c6b09ae1572ef0a0d |
| SHA1 | 0b6718a5abe4eeaac7f57a7038a47ae20010a766 |
| SHA256 | ceeb3ea88b9c2605b5b11e932a46be7571e964c8ed2ecd12076e128a342b6d81 |
| SHA512 | 7238afa858f0bce89e2b297a7df8136f37404da90d05a8c4b8c4357cbf6bdcb7c226c72b3bc8a60ee9596cc5f381cc5dc0336877de3d64f3b6b1608094cc94fc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3e947d3eda2683851ade3adbbc5dba31 |
| SHA1 | 60a2053b27cd41bd6393281565651df54ac296aa |
| SHA256 | 029b43497c9e8c2177cd9ccfc2b4a258470ee64f128dd90f552658253f262222 |
| SHA512 | 6d73ec3a1275071f7c592bb1f8a21016a3a4a065f00142615ce3710a29fb6ce134fcf7340967c0fa6fcbcfaee8f801484d61b33b98c57aca693dae248a8b57d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | dbe636519c9ac6edbb28444f89c8239c |
| SHA1 | 2fef4010cf179f4121b23cc2159080c4f5ab11c7 |
| SHA256 | 469c01db2a5776a1a612edc1577293f160aade6a8a574b196d959bab3aaf3dd8 |
| SHA512 | bb4a30246caa8edee6ce0e89428c2ec7311b752f16f822d783555b09ea09ab67d4f0b4144286577162521592f6c0b5feeae6bbcbd6cfc49c71e52ef842e84a40 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 12189f0ee3bb70b4c87c3890f636fd74 |
| SHA1 | 7430525179f169c2d328c1ab5d6af34416d2beca |
| SHA256 | 17be41705f237404e7580f620ba1a7889b4ea2f71db1f4547d6c4445b9583b1e |
| SHA512 | 72395024da08ecc0943fad99e2b9ede0cabf48ea16dee1273dbd65cab9e2d6e63d1f59488cf12292ea5176546089cb6131c10aec5bf246f2ff01a6ade14038d2 |