Analysis Overview
SHA256
53e2ca198783ec18082bc00f25ad8a891b7340056c62433540d89d49f5354eb6
Threat Level: No (potentially) malicious behavior was detected
The file 87899c67921baa7fec230b1ddcaee37f_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-31 15:49
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-31 15:49
Reported
2024-05-31 15:52
Platform
win7-20240221-en
Max time kernel
135s
Max time network
132s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6D057981-1F65-11EF-8D50-4A4F109F65B0} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423332464" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0023a04472b3da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ec23e41ce0c3fd4ea4c18c523bc90a59000000000200000000001066000000010000200000009b20541372284be4ca9ef5c1cf0aab1377267d5ed8bc863b8549936194f61dbe000000000e800000000200002000000021a23672023cd8f309ded65213d331a7b014d40c2862bd48ceea6554112d3ab020000000ff4daa174a386bcd2a9393e1496b1d8590df0c987f5924f50ea3286c670aa64c4000000038639ae47301cb57f8126674422d5a55f04a18af5efa893f8844595ef70d467eb71ce4fa41ee305cc6ad84f54b2c9b389b5471c0468b1f0939ed3c1785441c6f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ec23e41ce0c3fd4ea4c18c523bc90a590000000002000000000010660000000100002000000030d2ecf54d70487852e422946c97e7a66abe61891628ae6410f6ff5fac5f323a000000000e8000000002000020000000b5d616b56d38f9e2a23149739d4808c427f7e305212f9f9f66a6b20215f5c68a900000006513820394b914eb995a259b61f437c05c644c45cb2027359a88eedc5257408e55499dd80dea49bfb97812d089929e227532ec47022916df51e31a226c946d2f2be41f4b0fee81ed9f9037869b0a7344b036c73f8c9e0d8caa42d03b0ec66bd571e7d4a47acd605b09f44d458d6834caec641b7b2a94c36d7dabe1c3352aa2d08c9730650d29ed34d860dd34890272ec400000005c014f1bad7513c2e6eee63f7aae3e6b35a6fc4599350381354c937d95f5307c323f964dc4de231b50e0f6acab75b060ba20470512ab7fd1416e3215e78ac39a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2216 wrote to memory of 2348 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2216 wrote to memory of 2348 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2216 wrote to memory of 2348 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2216 wrote to memory of 2348 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\87899c67921baa7fec230b1ddcaee37f_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2216 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-31 15:49
Reported
2024-05-31 15:52
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
151s
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\87899c67921baa7fec230b1ddcaee37f_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8dd7f46f8,0x7ff8dd7f4708,0x7ff8dd7f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,3120823516019115949,14577104903087332429,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,3120823516019115949,14577104903087332429,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,3120823516019115949,14577104903087332429,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3120823516019115949,14577104903087332429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3120823516019115949,14577104903087332429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3120823516019115949,14577104903087332429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,3120823516019115949,14577104903087332429,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,3120823516019115949,14577104903087332429,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3120823516019115949,14577104903087332429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3120823516019115949,14577104903087332429,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3120823516019115949,14577104903087332429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,3120823516019115949,14577104903087332429,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,3120823516019115949,14577104903087332429,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5080 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| US | 8.8.8.8:53 | vilalusa.com | udp |
| DE | 3.64.163.50:80 | vilalusa.com | tcp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.175.234.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.163.64.3.in-addr.arpa | udp |
| DE | 3.64.163.50:80 | vilalusa.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.80.50.20.in-addr.arpa | udp |
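The table above records every DNS lookup and connection the sandbox saw, and most of it is Edge and Windows background traffic rather than anything the sample did on its own. The Python below is an added example, not part of this report or of the sandbox's tooling: it parses rows in this Country | Destination | Domain | Proto layout, separates forward lookups, reverse (PTR) lookups and mDNS from real connections, and drops domain suffixes that this example assumes are benign browser infrastructure (that suffix list is the example's own assumption, not a finding of the report). A subset of the report's rows is embedded as the sample input.

```python
"""Reduce a sandbox 'Network' table to the hosts the detonation actually reached.

Added example, not from the analysis report. The rows are copied from the
report's Network table; the classification and noise rules are assumptions
made here for a Windows 10 + Edge sandbox and may not suit other images.
"""
import re
from collections import defaultdict

# Subset of the report's rows, embedded here as the sample input.
REPORT_ROWS = """\
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| US | 8.8.8.8:53 | vilalusa.com | udp |
| DE | 3.64.163.50:80 | vilalusa.com | tcp |
| US | 8.8.8.8:53 | 50.163.64.3.in-addr.arpa | udp |
| DE | 3.64.163.50:80 | vilalusa.com | tcp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
"""

# Assumption: the sandbox resolver and the mDNS multicast endpoint.
RESOLVER = "8.8.8.8:53"
MDNS = "224.0.0.251:5353"

# Assumption: suffixes treated as browser/OS background traffic in this image.
NOISE_SUFFIXES = (".google.com", ".adsensecustomsearchads.com", ".bing.com", ".bing.net")

ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<dst>[^|]*?)\s*\|\s*(?P<dom>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|$"
)


def parse_rows(text):
    """Parse pipe-delimited rows; lines that do not fit the layout are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def classify(row):
    """Tag a row as 'ptr' (reverse lookup), 'dns' (forward lookup), 'mdns' or 'conn'."""
    if row["dst"] == RESOLVER:
        return "ptr" if row["dom"].endswith(".in-addr.arpa") else "dns"
    if row["dst"] == MDNS:
        return "mdns"
    return "conn"


def is_noise(domain):
    """True for an empty domain or one under an assumed-benign suffix."""
    if not domain:
        return True
    return any(domain == s[1:] or domain.endswith(s) for s in NOISE_SUFFIXES)


def summarize(text):
    """Count rows per class; PTR lookups are the resolver's own reverse queries."""
    counts = {"conn": 0, "dns": 0, "ptr": 0, "mdns": 0}
    for row in parse_rows(text):
        counts[classify(row)] += 1
    return counts


def contacted_hosts(text):
    """Map each non-noise domain to the sorted 'ip:port' endpoints it was reached on."""
    hosts = defaultdict(set)
    for row in parse_rows(text):
        if classify(row) == "conn" and not is_noise(row["dom"]):
            hosts[row["dom"]].add(row["dst"])
    return {dom: sorted(eps) for dom, eps in sorted(hosts.items())}


if __name__ == "__main__":
    print(summarize(REPORT_ROWS))
    for dom, eps in contacted_hosts(REPORT_ROWS).items():
        print(f"{dom}: {', '.join(eps)}")
```

On the sample rows this leaves only img.sedoparking.com and vilalusa.com, which is what a reviewer would look at first; the report's verdict for this run is still the one stated at the top of the page, and the filter changes nothing about that, it just removes the PTR and search-engine noise so the remaining entries can be judged on their own.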
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 87f7abeb82600e1e640b843ad50fe0a1 |
| SHA1 | 045bbada3f23fc59941bf7d0210fb160cb78ae87 |
| SHA256 | b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262 |
| SHA512 | ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618 |
\??\pipe\LOCAL\crashpad_3012_ZMYKEASJJJGKXDOM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f61fa5143fe872d1d8f1e9f8dc6544f9 |
| SHA1 | df44bab94d7388fb38c63085ec4db80cfc5eb009 |
| SHA256 | 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64 |
| SHA512 | 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e00091027d3f994bb17e43b44136719e |
| SHA1 | 7e092f9e8d9979691ced785543030667fb7f7afd |
| SHA256 | b5fcb368bd0ffb8f4af900ac76afddc69481086c98a79f811a5a7ee576fcb05b |
| SHA512 | 788a185c9c5088e5575e5fa4ac3ea7e1a778bcdb42431162c76ae3415498e1fe1d7654647d391425642a8b9d17b27fc2bab996adf8c8b4bb96faa88dd44d1a40 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c86d8b1598470cb8e48de231d1cd7ed2 |
| SHA1 | fa796758496ba390b94133dc6d55d12db2c57865 |
| SHA256 | f700b4ff595376bd3ec10e8429032442971027ba8ed1bafee31a09aac0d64d83 |
| SHA512 | 2594b84d10b223d4d34e50182b16dab311de746094e20e70dbf4af6f6ad26ab601e47843576442bfc6967a2a90d076de1ebef1d235f409936c5a9dfbd0dca2c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 88b3d86a5d71fccae401adad0b5c8667 |
| SHA1 | 227bf72ede5806896a7de4b31db1fd50d8553375 |
| SHA256 | ef0493938073dccb20fdd71ad63506230978000c705d8d28fa5fc8958e12414d |
| SHA512 | 4cf279ca26957d6fc8b4a0e814df270add262e2e0f84508f224f7e557936bb7955b8d5225b9145c5939e82232e5eb55bce36694a345c91e72b29ee28537e34a9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7c5d481405e5ee622df23bd59d06a815 |
| SHA1 | de80606e4b28c7e7a034cdfadc8807e68c77435a |
| SHA256 | c72e6e0f3f095846a641741e27d72236aacc39c7706402b68316079a4d87dc2d |
| SHA512 | 224a051dfb17f4a86c2fa42dc5555dd0d032742530d739e90fc7637902db4456092f19e3336492bc23c672732ba6f9215891067f9e2b9aab5e21b4c248aa0492 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b22ecd2819a4d318ba33f7653b5ce505 |
| SHA1 | e88283233b93dfd27edaf9d87a2806eb69ca30e8 |
| SHA256 | 8234ce70966bed0182e0c6040fe1260ff5a7953efa6040f77d29fb0ddfca1960 |
| SHA512 | cb3aae73fa8e6059e487f58ecf65807608cd8730f84461b4205f8fa1e8f362afff1a8302de458f502e63db06d345dc5a4e8901df67a329718455a4e94f0de314 |
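Three things in the file table above are worth checking mechanically rather than by eye: the Crashpad named pipe carries the digests of zero-length input (MD5 d41d8cd9..., SHA-256 e3b0c442...), so there is no content to retrieve for it; settings.dat and Preferences each appear twice with different digests, meaning they were rewritten during the run; and a hash column of the wrong length would mean the row was truncated in extraction. The Python below is an added example, not part of the report or its tooling: it parses entries in this path-then-hash-rows layout, flags empty artifacts by comparing against hashlib's digests of b"", lists paths with more than one version, and reports malformed hash fields. The report's entries for settings.dat and the pipe are embedded as input, plus one constructed entry with a deliberately truncated MD5.

```python
"""Sanity checks over a sandbox 'Files' table.

Added example, not from the analysis report. REPORT_ENTRIES is copied from
the report; CONSTRUCTED_ROW is made up here to exercise the malformed check.
"""
import hashlib
import re
from collections import defaultdict

REPORT_ENTRIES = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 87f7abeb82600e1e640b843ad50fe0a1 |
| SHA1 | 045bbada3f23fc59941bf7d0210fb160cb78ae87 |
| SHA256 | b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262 |
| SHA512 | ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618 |
\??\pipe\LOCAL\crashpad_3012_ZMYKEASJJJGKXDOM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f61fa5143fe872d1d8f1e9f8dc6544f9 |
| SHA1 | df44bab94d7388fb38c63085ec4db80cfc5eb009 |
| SHA256 | 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64 |
| SHA512 | 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6 |
"""

# Constructed entry (not in the report): MD5 is two hex digits short on purpose.
CONSTRUCTED_ROW = (
    "C:\\constructed\\example.bin\n"
    "| MD5 | d41d8cd98f00b204e9800998ecf842 |\n"
    f"| SHA1 | {'0' * 40} |\n"
    f"| SHA256 | {'0' * 64} |\n"
    f"| SHA512 | {'0' * 128} |\n"
)

FILE_TABLE = REPORT_ENTRIES + CONSTRUCTED_ROW

HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
# Digests of zero-length input, computed rather than hard-coded.
EMPTY_DIGESTS = {algo: hashlib.new(algo, b"").hexdigest() for algo in HEX_LEN}

HASH_ROW_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]*)\s*\|$")


def parse_file_table(text):
    """Return [(path, {algo: hexdigest})] in table order; a path may repeat."""
    entries = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_ROW_RE.match(line)
        if m and current is not None:
            current[1][m.group(1).lower()] = m.group(2).lower()
        elif not line.startswith("|"):
            current = (line, {})
            entries.append(current)
    return entries


def malformed(text):
    """(path, algo) pairs whose hash field is missing or not the expected length."""
    bad = []
    for path, digests in parse_file_table(text):
        for algo, n in HEX_LEN.items():
            if len(digests.get(algo, "")) != n:
                bad.append((path, algo))
    return bad


def empty_artifacts(text):
    """Paths whose every digest equals the digest of zero-length input."""
    return [
        path for path, digests in parse_file_table(text)
        if all(digests.get(a) == EMPTY_DIGESTS[a] for a in EMPTY_DIGESTS)
    ]


def rewritten_paths(text):
    """Paths recorded with more than one distinct SHA-256, i.e. rewritten mid-run."""
    versions = defaultdict(set)
    for path, digests in parse_file_table(text):
        if "sha256" in digests:
            versions[path].add(digests["sha256"])
    return {p: len(v) for p, v in versions.items() if len(v) > 1}


if __name__ == "__main__":
    print("empty:", empty_artifacts(FILE_TABLE))
    print("rewritten:", rewritten_paths(FILE_TABLE))
    print("malformed:", malformed(FILE_TABLE))
```

Comparing against hashlib's own digests of b"" instead of pasting the well-known constants means the check also works for any digest the report adds later (SHA-384, for instance) without anyone remembering the value; the rewrite count is keyed on SHA-256 alone because one collision-resistant digest is enough to tell two versions apart.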